integrations.sh
← all integrations

googleapis.com – iam

OpenAPI apis-guru analyticsmedia

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Homepage
https://api.apis.guru/v2/specs/googleapis.com:iam/v1.json
Provider
googleapis.com:iam / iam
OpenAPI version
3.0.0
Spec (JSON)
https://api.apis.guru/v2/specs/googleapis.com/iam/v1/openapi.json
Spec (YAML)
https://api.apis.guru/v2/specs/googleapis.com/iam/v1/openapi.yaml

Tools (34)

Extracted live via the executor SDK.

  • iamPolicies.iamIamPoliciesLintPolicy

    Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP 200 OK status code, even if the linter detects an issue in the IAM policy.

  • iamPolicies.iamIamPoliciesQueryAuditableServices

    Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the .

  • locations.iamLocationsWorkforcePoolsCreate

    Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until 30 days after deletion.

  • locations.iamLocationsWorkforcePoolsList

    Lists all non-deleted WorkforcePools under the specified parent. If show_deleted is set to true, then deleted pools are also listed.

  • permissions.iamPermissionsQueryTestablePermissions

    Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.

  • projects.iamProjectsLocationsWorkloadIdentityPoolsCreate

    Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion.

  • projects.iamProjectsLocationsWorkloadIdentityPoolsList

    Lists all non-deleted WorkloadIdentityPools in a project. If show_deleted is set to true, then deleted pools are also listed.

  • projects.iamProjectsLocationsWorkloadIdentityPoolsProvidersCreate

    Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You cannot reuse the name of a deleted provider until 30 days after deletion.

  • projects.iamProjectsLocationsWorkloadIdentityPoolsProvidersKeysCreate

    Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider.

  • projects.iamProjectsLocationsWorkloadIdentityPoolsProvidersKeysList

    Lists all non-deleted WorkloadIdentityPoolProviderKeys in a project. If show_deleted is set to true, then deleted pools are also listed.

  • projects.iamProjectsLocationsWorkloadIdentityPoolsProvidersList

    Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. If show_deleted is set to true, then deleted providers are also listed.

  • projects.iamProjectsRolesCreate

    Creates a new custom Role.

  • projects.iamProjectsRolesList

    Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

  • projects.iamProjectsServiceAccountsCreate

    Creates a ServiceAccount.

  • projects.iamProjectsServiceAccountsGetIamPolicy

    Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the getIamPolicy method for that resource. For example, to view the role grants for a project, call the Resource Manager API's method.

  • projects.iamProjectsServiceAccountsKeysCreate

    Creates a ServiceAccountKey.

  • projects.iamProjectsServiceAccountsKeysDelete

    Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.

  • projects.iamProjectsServiceAccountsKeysDisable

    Disable a ServiceAccountKey. A disabled service account key can be re-enabled with EnableServiceAccountKey.

  • projects.iamProjectsServiceAccountsKeysEnable

    Enable a ServiceAccountKey.

  • projects.iamProjectsServiceAccountsKeysList

    Lists every ServiceAccountKey for a service account.

  • projects.iamProjectsServiceAccountsKeysUpload

    Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount. After you upload the public key, you can use the private key from the key pair as a service account key.

  • projects.iamProjectsServiceAccountsList

    Lists every ServiceAccount that belongs to a specific project.

  • projects.iamProjectsServiceAccountsPatch

    Patches a ServiceAccount.

  • projects.iamProjectsServiceAccountsSetIamPolicy

    Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's getIamPolicy method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's setIamPolicy method to update its IAM policy. For detailed instructions, see or .

  • projects.iamProjectsServiceAccountsSignBlob

    Note: This method is deprecated. Use the method in the IAM Service Account Credentials API instead. If you currently use this method, see the for instructions. Signs a blob using the system-managed private key for a ServiceAccount.

  • projects.iamProjectsServiceAccountsSignJwt

    Note: This method is deprecated. Use the method in the IAM Service Account Credentials API instead. If you currently use this method, see the for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.

  • projects.iamProjectsServiceAccountsTestIamPermissions

    Tests whether the caller has the specified permissions on a ServiceAccount.

  • projects.iamProjectsServiceAccountsUndelete

    Restores a deleted ServiceAccount. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.

  • projects.iamProjectsServiceAccountsUpdate

    Note: We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the display_name field.

  • roles.iamRolesGet

    Gets the definition of a Role.

  • roles.iamRolesList

    Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

  • roles.iamRolesQueryGrantableRoles

    Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.

  • openapi.previewSpec

    Preview an OpenAPI document before adding it as a source

  • openapi.addSource

    Add an OpenAPI source and register its operations as tools