iam_client.go

Documentation: cloud.google.com/go/iam/admin/apiv1

     1  // Copyright 2019 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     https://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by gapic-generator. DO NOT EDIT.
    16  
    17  package admin
    18  
    19  import (
    20  	"context"
    21  	"fmt"
    22  	"math"
    23  	"net/url"
    24  	"time"
    25  
    26  	"cloud.google.com/go/iam/admin/apiv1/adminpb"
    27  	"cloud.google.com/go/iam/apiv1/iampb"
    28  	gax "github.com/googleapis/gax-go/v2"
    29  	"google.golang.org/api/iterator"
    30  	"google.golang.org/api/option"
    31  	gtransport "google.golang.org/api/transport/grpc"
    32  	"google.golang.org/grpc"
    33  	"google.golang.org/grpc/codes"
    34  	"google.golang.org/grpc/metadata"
    35  	"google.golang.org/protobuf/proto"
    36  )
    37  
    38  // IamCallOptions contains the retry settings for each method of IamClient.
    39  type IamCallOptions struct {
    40  	ListServiceAccounts      []gax.CallOption
    41  	GetServiceAccount        []gax.CallOption
    42  	CreateServiceAccount     []gax.CallOption
    43  	UpdateServiceAccount     []gax.CallOption
    44  	DeleteServiceAccount     []gax.CallOption
    45  	ListServiceAccountKeys   []gax.CallOption
    46  	GetServiceAccountKey     []gax.CallOption
    47  	CreateServiceAccountKey  []gax.CallOption
    48  	DeleteServiceAccountKey  []gax.CallOption
    49  	SignBlob                 []gax.CallOption
    50  	GetIamPolicy             []gax.CallOption
    51  	SetIamPolicy             []gax.CallOption
    52  	TestIamPermissions       []gax.CallOption
    53  	QueryGrantableRoles      []gax.CallOption
    54  	SignJwt                  []gax.CallOption
    55  	ListRoles                []gax.CallOption
    56  	GetRole                  []gax.CallOption
    57  	CreateRole               []gax.CallOption
    58  	UpdateRole               []gax.CallOption
    59  	DeleteRole               []gax.CallOption
    60  	UndeleteRole             []gax.CallOption
    61  	QueryTestablePermissions []gax.CallOption
    62  }
    63  
    64  func defaultIamClientOptions() []option.ClientOption {
    65  	return []option.ClientOption{
    66  		option.WithEndpoint("iam.googleapis.com:443"),
    67  		option.WithScopes(DefaultAuthScopes()...),
    68  		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
    69  			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
    70  	}
    71  }
    72  
    73  func defaultIamCallOptions() *IamCallOptions {
    74  	retry := map[[2]string][]gax.CallOption{
    75  		{"default", "idempotent"}: {
    76  			gax.WithRetry(func() gax.Retryer {
    77  				return gax.OnCodes([]codes.Code{
    78  					codes.DeadlineExceeded,
    79  					codes.Unavailable,
    80  				}, gax.Backoff{
    81  					Initial:    100 * time.Millisecond,
    82  					Max:        60000 * time.Millisecond,
    83  					Multiplier: 1.3,
    84  				})
    85  			}),
    86  		},
    87  	}
    88  	return &IamCallOptions{
    89  		ListServiceAccounts:      retry[[2]string{"default", "idempotent"}],
    90  		GetServiceAccount:        retry[[2]string{"default", "idempotent"}],
    91  		CreateServiceAccount:     retry[[2]string{"default", "non_idempotent"}],
    92  		UpdateServiceAccount:     retry[[2]string{"default", "idempotent"}],
    93  		DeleteServiceAccount:     retry[[2]string{"default", "idempotent"}],
    94  		ListServiceAccountKeys:   retry[[2]string{"default", "idempotent"}],
    95  		GetServiceAccountKey:     retry[[2]string{"default", "idempotent"}],
    96  		CreateServiceAccountKey:  retry[[2]string{"default", "non_idempotent"}],
    97  		DeleteServiceAccountKey:  retry[[2]string{"default", "idempotent"}],
    98  		SignBlob:                 retry[[2]string{"default", "non_idempotent"}],
    99  		GetIamPolicy:             retry[[2]string{"default", "non_idempotent"}],
   100  		SetIamPolicy:             retry[[2]string{"default", "non_idempotent"}],
   101  		TestIamPermissions:       retry[[2]string{"default", "non_idempotent"}],
   102  		QueryGrantableRoles:      retry[[2]string{"default", "non_idempotent"}],
   103  		SignJwt:                  retry[[2]string{"default", "non_idempotent"}],
   104  		ListRoles:                retry[[2]string{"default", "idempotent"}],
   105  		GetRole:                  retry[[2]string{"default", "idempotent"}],
   106  		CreateRole:               retry[[2]string{"default", "non_idempotent"}],
   107  		UpdateRole:               retry[[2]string{"default", "non_idempotent"}],
   108  		DeleteRole:               retry[[2]string{"default", "non_idempotent"}],
   109  		UndeleteRole:             retry[[2]string{"default", "non_idempotent"}],
   110  		QueryTestablePermissions: retry[[2]string{"default", "non_idempotent"}],
   111  	}
   112  }
   113  
   114  // IamClient is a client for interacting with Google Identity and Access Management (IAM) API.
   115  //
   116  // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
   117  type IamClient struct {
   118  	// The connection to the service.
   119  	connPool gtransport.ConnPool
   120  
   121  	// The gRPC API client.
   122  	iamClient adminpb.IAMClient
   123  
   124  	// The call options for this service.
   125  	CallOptions *IamCallOptions
   126  
   127  	// The x-goog-* metadata to be sent with each request.
   128  	xGoogMetadata metadata.MD
   129  }
   130  
   131  // NewIamClient creates a new iam client.
   132  //
   133  // Creates and manages service account objects.
   134  //
   135  // Service account is an account that belongs to your project instead
   136  // of to an individual end user. It is used to authenticate calls
   137  // to a Google API.
   138  //
   139  // To create a service account, specify the project_id and account_id
   140  // for the account.  The account_id is unique within the project, and used
   141  // to generate the service account email address and a stable
   142  // unique_id.
   143  //
   144  // All other methods can identify accounts using the format
   145  // projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}.
   146  // Using - as a wildcard for the project will infer the project from
   147  // the account. The account value can be the email address or the
   148  // unique_id of the service account.
   149  func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error) {
   150  	connPool, err := gtransport.DialPool(ctx, append(defaultIamClientOptions(), opts...)...)
   151  	if err != nil {
   152  		return nil, err
   153  	}
   154  	c := &IamClient{
   155  		connPool:    connPool,
   156  		CallOptions: defaultIamCallOptions(),
   157  
   158  		iamClient: adminpb.NewIAMClient(connPool),
   159  	}
   160  	c.setGoogleClientInfo()
   161  	return c, nil
   162  }
   163  
   164  // Connection returns the client's connection to the API service.
   165  func (c *IamClient) Connection() *grpc.ClientConn {
   166  	return c.connPool.Conn()
   167  }
   168  
   169  // Close closes the connection to the API service. The user should invoke this when
   170  // the client is no longer required.
   171  func (c *IamClient) Close() error {
   172  	return c.connPool.Close()
   173  }
   174  
   175  // setGoogleClientInfo sets the name and version of the application in
   176  // the `x-goog-api-client` header passed on each request. Intended for
   177  // use by Google-written clients.
   178  func (c *IamClient) setGoogleClientInfo(keyval ...string) {
   179  	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
   180  	kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version)
   181  	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
   182  }
   183  
   184  // ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project.
   185  func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator {
   186  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   187  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   188  	opts = append(c.CallOptions.ListServiceAccounts[0:len(c.CallOptions.ListServiceAccounts):len(c.CallOptions.ListServiceAccounts)], opts...)
   189  	it := &ServiceAccountIterator{}
   190  	req = proto.Clone(req).(*adminpb.ListServiceAccountsRequest)
   191  	it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.ServiceAccount, string, error) {
   192  		var resp *adminpb.ListServiceAccountsResponse
   193  		req.PageToken = pageToken
   194  		if pageSize > math.MaxInt32 {
   195  			req.PageSize = math.MaxInt32
   196  		} else {
   197  			req.PageSize = int32(pageSize)
   198  		}
   199  		err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   200  			var err error
   201  			resp, err = c.iamClient.ListServiceAccounts(ctx, req, settings.GRPC...)
   202  			return err
   203  		}, opts...)
   204  		if err != nil {
   205  			return nil, "", err
   206  		}
   207  		return resp.Accounts, resp.NextPageToken, nil
   208  	}
   209  	fetch := func(pageSize int, pageToken string) (string, error) {
   210  		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
   211  		if err != nil {
   212  			return "", err
   213  		}
   214  		it.items = append(it.items, items...)
   215  		return nextPageToken, nil
   216  	}
   217  	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
   218  	it.pageInfo.MaxSize = int(req.PageSize)
   219  	it.pageInfo.Token = req.PageToken
   220  	return it
   221  }
   222  
   223  // GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
   224  func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
   225  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   226  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   227  	opts = append(c.CallOptions.GetServiceAccount[0:len(c.CallOptions.GetServiceAccount):len(c.CallOptions.GetServiceAccount)], opts...)
   228  	var resp *adminpb.ServiceAccount
   229  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   230  		var err error
   231  		resp, err = c.iamClient.GetServiceAccount(ctx, req, settings.GRPC...)
   232  		return err
   233  	}, opts...)
   234  	if err != nil {
   235  		return nil, err
   236  	}
   237  	return resp, nil
   238  }
   239  
   240  // CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]
   241  // and returns it.
   242  func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
   243  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   244  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   245  	opts = append(c.CallOptions.CreateServiceAccount[0:len(c.CallOptions.CreateServiceAccount):len(c.CallOptions.CreateServiceAccount)], opts...)
   246  	var resp *adminpb.ServiceAccount
   247  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   248  		var err error
   249  		resp, err = c.iamClient.CreateServiceAccount(ctx, req, settings.GRPC...)
   250  		return err
   251  	}, opts...)
   252  	if err != nil {
   253  		return nil, err
   254  	}
   255  	return resp, nil
   256  }
   257  
   258  // UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
   259  //
   260  // Currently, only the following fields are updatable:
   261  // display_name .
   262  // The etag is mandatory.
   263  func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
   264  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   265  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   266  	opts = append(c.CallOptions.UpdateServiceAccount[0:len(c.CallOptions.UpdateServiceAccount):len(c.CallOptions.UpdateServiceAccount)], opts...)
   267  	var resp *adminpb.ServiceAccount
   268  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   269  		var err error
   270  		resp, err = c.iamClient.UpdateServiceAccount(ctx, req, settings.GRPC...)
   271  		return err
   272  	}, opts...)
   273  	if err != nil {
   274  		return nil, err
   275  	}
   276  	return resp, nil
   277  }
   278  
   279  // DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
   280  func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error {
   281  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   282  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   283  	opts = append(c.CallOptions.DeleteServiceAccount[0:len(c.CallOptions.DeleteServiceAccount):len(c.CallOptions.DeleteServiceAccount)], opts...)
   284  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   285  		var err error
   286  		_, err = c.iamClient.DeleteServiceAccount(ctx, req, settings.GRPC...)
   287  		return err
   288  	}, opts...)
   289  	return err
   290  }
   291  
   292  // ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey].
   293  func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error) {
   294  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   295  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   296  	opts = append(c.CallOptions.ListServiceAccountKeys[0:len(c.CallOptions.ListServiceAccountKeys):len(c.CallOptions.ListServiceAccountKeys)], opts...)
   297  	var resp *adminpb.ListServiceAccountKeysResponse
   298  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   299  		var err error
   300  		resp, err = c.iamClient.ListServiceAccountKeys(ctx, req, settings.GRPC...)
   301  		return err
   302  	}, opts...)
   303  	if err != nil {
   304  		return nil, err
   305  	}
   306  	return resp, nil
   307  }
   308  
   309  // GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
   310  // by key id.
   311  func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) {
   312  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   313  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   314  	opts = append(c.CallOptions.GetServiceAccountKey[0:len(c.CallOptions.GetServiceAccountKey):len(c.CallOptions.GetServiceAccountKey)], opts...)
   315  	var resp *adminpb.ServiceAccountKey
   316  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   317  		var err error
   318  		resp, err = c.iamClient.GetServiceAccountKey(ctx, req, settings.GRPC...)
   319  		return err
   320  	}, opts...)
   321  	if err != nil {
   322  		return nil, err
   323  	}
   324  	return resp, nil
   325  }
   326  
   327  // CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
   328  // and returns it.
   329  func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) {
   330  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   331  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   332  	opts = append(c.CallOptions.CreateServiceAccountKey[0:len(c.CallOptions.CreateServiceAccountKey):len(c.CallOptions.CreateServiceAccountKey)], opts...)
   333  	var resp *adminpb.ServiceAccountKey
   334  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   335  		var err error
   336  		resp, err = c.iamClient.CreateServiceAccountKey(ctx, req, settings.GRPC...)
   337  		return err
   338  	}, opts...)
   339  	if err != nil {
   340  		return nil, err
   341  	}
   342  	return resp, nil
   343  }
   344  
   345  // DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
   346  func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error {
   347  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   348  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   349  	opts = append(c.CallOptions.DeleteServiceAccountKey[0:len(c.CallOptions.DeleteServiceAccountKey):len(c.CallOptions.DeleteServiceAccountKey)], opts...)
   350  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   351  		var err error
   352  		_, err = c.iamClient.DeleteServiceAccountKey(ctx, req, settings.GRPC...)
   353  		return err
   354  	}, opts...)
   355  	return err
   356  }
   357  
   358  // SignBlob signs a blob using a service account's system-managed private key.
   359  func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error) {
   360  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   361  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   362  	opts = append(c.CallOptions.SignBlob[0:len(c.CallOptions.SignBlob):len(c.CallOptions.SignBlob)], opts...)
   363  	var resp *adminpb.SignBlobResponse
   364  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   365  		var err error
   366  		resp, err = c.iamClient.SignBlob(ctx, req, settings.GRPC...)
   367  		return err
   368  	}, opts...)
   369  	if err != nil {
   370  		return nil, err
   371  	}
   372  	return resp, nil
   373  }
   374  
   375  // getIamPolicy returns the IAM access control policy for a
   376  // [ServiceAccount][google.iam.admin.v1.ServiceAccount].
   377  func (c *IamClient) getIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
   378  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
   379  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   380  	opts = append(c.CallOptions.GetIamPolicy[0:len(c.CallOptions.GetIamPolicy):len(c.CallOptions.GetIamPolicy)], opts...)
   381  	var resp *iampb.Policy
   382  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   383  		var err error
   384  		resp, err = c.iamClient.GetIamPolicy(ctx, req, settings.GRPC...)
   385  		return err
   386  	}, opts...)
   387  	if err != nil {
   388  		return nil, err
   389  	}
   390  	return resp, nil
   391  }
   392  
   393  // setIamPolicy sets the IAM access control policy for a
   394  // [ServiceAccount][google.iam.admin.v1.ServiceAccount].
   395  func (c *IamClient) setIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
   396  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
   397  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   398  	opts = append(c.CallOptions.SetIamPolicy[0:len(c.CallOptions.SetIamPolicy):len(c.CallOptions.SetIamPolicy)], opts...)
   399  	var resp *iampb.Policy
   400  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   401  		var err error
   402  		resp, err = c.iamClient.SetIamPolicy(ctx, req, settings.GRPC...)
   403  		return err
   404  	}, opts...)
   405  	if err != nil {
   406  		return nil, err
   407  	}
   408  	return resp, nil
   409  }
   410  
   411  // TestIamPermissions tests the specified permissions against the IAM access control policy
   412  // for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
   413  func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
   414  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
   415  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   416  	opts = append(c.CallOptions.TestIamPermissions[0:len(c.CallOptions.TestIamPermissions):len(c.CallOptions.TestIamPermissions)], opts...)
   417  	var resp *iampb.TestIamPermissionsResponse
   418  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   419  		var err error
   420  		resp, err = c.iamClient.TestIamPermissions(ctx, req, settings.GRPC...)
   421  		return err
   422  	}, opts...)
   423  	if err != nil {
   424  		return nil, err
   425  	}
   426  	return resp, nil
   427  }
   428  
   429  // QueryGrantableRoles queries roles that can be granted on a particular resource.
   430  // A role is grantable if it can be used as the role in a binding for a policy
   431  // for that resource.
   432  func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error) {
   433  	ctx = insertMetadata(ctx, c.xGoogMetadata)
   434  	opts = append(c.CallOptions.QueryGrantableRoles[0:len(c.CallOptions.QueryGrantableRoles):len(c.CallOptions.QueryGrantableRoles)], opts...)
   435  	var resp *adminpb.QueryGrantableRolesResponse
   436  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   437  		var err error
   438  		resp, err = c.iamClient.QueryGrantableRoles(ctx, req, settings.GRPC...)
   439  		return err
   440  	}, opts...)
   441  	if err != nil {
   442  		return nil, err
   443  	}
   444  	return resp, nil
   445  }
   446  
   447  // SignJwt signs a JWT using a service account's system-managed private key.
   448  //
   449  // If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an
   450  // an expiry time of one hour by default. If you request an expiry time of
   451  // more than one hour, the request will fail.
   452  func (c *IamClient) SignJwt(ctx context.Context, req *adminpb.SignJwtRequest, opts ...gax.CallOption) (*adminpb.SignJwtResponse, error) {
   453  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   454  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   455  	opts = append(c.CallOptions.SignJwt[0:len(c.CallOptions.SignJwt):len(c.CallOptions.SignJwt)], opts...)
   456  	var resp *adminpb.SignJwtResponse
   457  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   458  		var err error
   459  		resp, err = c.iamClient.SignJwt(ctx, req, settings.GRPC...)
   460  		return err
   461  	}, opts...)
   462  	if err != nil {
   463  		return nil, err
   464  	}
   465  	return resp, nil
   466  }
   467  
   468  // ListRoles lists the Roles defined on a resource.
   469  func (c *IamClient) ListRoles(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) (*adminpb.ListRolesResponse, error) {
   470  	ctx = insertMetadata(ctx, c.xGoogMetadata)
   471  	opts = append(c.CallOptions.ListRoles[0:len(c.CallOptions.ListRoles):len(c.CallOptions.ListRoles)], opts...)
   472  	var resp *adminpb.ListRolesResponse
   473  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   474  		var err error
   475  		resp, err = c.iamClient.ListRoles(ctx, req, settings.GRPC...)
   476  		return err
   477  	}, opts...)
   478  	if err != nil {
   479  		return nil, err
   480  	}
   481  	return resp, nil
   482  }
   483  
   484  // GetRole gets a Role definition.
   485  func (c *IamClient) GetRole(ctx context.Context, req *adminpb.GetRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
   486  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   487  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   488  	opts = append(c.CallOptions.GetRole[0:len(c.CallOptions.GetRole):len(c.CallOptions.GetRole)], opts...)
   489  	var resp *adminpb.Role
   490  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   491  		var err error
   492  		resp, err = c.iamClient.GetRole(ctx, req, settings.GRPC...)
   493  		return err
   494  	}, opts...)
   495  	if err != nil {
   496  		return nil, err
   497  	}
   498  	return resp, nil
   499  }
   500  
   501  // CreateRole creates a new Role.
   502  func (c *IamClient) CreateRole(ctx context.Context, req *adminpb.CreateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
   503  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
   504  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   505  	opts = append(c.CallOptions.CreateRole[0:len(c.CallOptions.CreateRole):len(c.CallOptions.CreateRole)], opts...)
   506  	var resp *adminpb.Role
   507  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   508  		var err error
   509  		resp, err = c.iamClient.CreateRole(ctx, req, settings.GRPC...)
   510  		return err
   511  	}, opts...)
   512  	if err != nil {
   513  		return nil, err
   514  	}
   515  	return resp, nil
   516  }
   517  
   518  // UpdateRole updates a Role definition.
   519  func (c *IamClient) UpdateRole(ctx context.Context, req *adminpb.UpdateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
   520  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   521  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   522  	opts = append(c.CallOptions.UpdateRole[0:len(c.CallOptions.UpdateRole):len(c.CallOptions.UpdateRole)], opts...)
   523  	var resp *adminpb.Role
   524  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   525  		var err error
   526  		resp, err = c.iamClient.UpdateRole(ctx, req, settings.GRPC...)
   527  		return err
   528  	}, opts...)
   529  	if err != nil {
   530  		return nil, err
   531  	}
   532  	return resp, nil
   533  }
   534  
   535  // DeleteRole soft deletes a role. The role is suspended and cannot be used to create new
   536  // IAM Policy Bindings.
   537  // The Role will not be included in ListRoles() unless show_deleted is set
   538  // in the ListRolesRequest. The Role contains the deleted boolean set.
   539  // Existing Bindings remains, but are inactive. The Role can be undeleted
   540  // within 7 days. After 7 days the Role is deleted and all Bindings associated
   541  // with the role are removed.
   542  func (c *IamClient) DeleteRole(ctx context.Context, req *adminpb.DeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
   543  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   544  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   545  	opts = append(c.CallOptions.DeleteRole[0:len(c.CallOptions.DeleteRole):len(c.CallOptions.DeleteRole)], opts...)
   546  	var resp *adminpb.Role
   547  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   548  		var err error
   549  		resp, err = c.iamClient.DeleteRole(ctx, req, settings.GRPC...)
   550  		return err
   551  	}, opts...)
   552  	if err != nil {
   553  		return nil, err
   554  	}
   555  	return resp, nil
   556  }
   557  
   558  // UndeleteRole undelete a Role, bringing it back in its previous state.
   559  func (c *IamClient) UndeleteRole(ctx context.Context, req *adminpb.UndeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) {
   560  	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
   561  	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
   562  	opts = append(c.CallOptions.UndeleteRole[0:len(c.CallOptions.UndeleteRole):len(c.CallOptions.UndeleteRole)], opts...)
   563  	var resp *adminpb.Role
   564  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   565  		var err error
   566  		resp, err = c.iamClient.UndeleteRole(ctx, req, settings.GRPC...)
   567  		return err
   568  	}, opts...)
   569  	if err != nil {
   570  		return nil, err
   571  	}
   572  	return resp, nil
   573  }
   574  
   575  // QueryTestablePermissions lists the permissions testable on a resource.
   576  // A permission is testable if it can be tested for an identity on a resource.
   577  func (c *IamClient) QueryTestablePermissions(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) (*adminpb.QueryTestablePermissionsResponse, error) {
   578  	ctx = insertMetadata(ctx, c.xGoogMetadata)
   579  	opts = append(c.CallOptions.QueryTestablePermissions[0:len(c.CallOptions.QueryTestablePermissions):len(c.CallOptions.QueryTestablePermissions)], opts...)
   580  	var resp *adminpb.QueryTestablePermissionsResponse
   581  	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
   582  		var err error
   583  		resp, err = c.iamClient.QueryTestablePermissions(ctx, req, settings.GRPC...)
   584  		return err
   585  	}, opts...)
   586  	if err != nil {
   587  		return nil, err
   588  	}
   589  	return resp, nil
   590  }
   591  
   592  // ServiceAccountIterator manages a stream of *adminpb.ServiceAccount.
   593  type ServiceAccountIterator struct {
   594  	items    []*adminpb.ServiceAccount
   595  	pageInfo *iterator.PageInfo
   596  	nextFunc func() error
   597  
   598  	// InternalFetch is for use by the Google Cloud Libraries only.
   599  	// It is not part of the stable interface of this package.
   600  	//
   601  	// InternalFetch returns results from a single call to the underlying RPC.
   602  	// The number of results is no greater than pageSize.
   603  	// If there are no more results, nextPageToken is empty and err is nil.
   604  	InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error)
   605  }
   606  
   607  // PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
   608  func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo {
   609  	return it.pageInfo
   610  }
   611  
   612  // Next returns the next result. Its second return value is iterator.Done if there are no more
   613  // results. Once Next returns Done, all subsequent calls will return Done.
   614  func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error) {
   615  	var item *adminpb.ServiceAccount
   616  	if err := it.nextFunc(); err != nil {
   617  		return item, err
   618  	}
   619  	item = it.items[0]
   620  	it.items = it.items[1:]
   621  	return item, nil
   622  }
   623  
   624  func (it *ServiceAccountIterator) bufLen() int {
   625  	return len(it.items)
   626  }
   627  
   628  func (it *ServiceAccountIterator) takeBuf() interface{} {
   629  	b := it.items
   630  	it.items = nil
   631  	return b
   632  }
   633
View as plain text