| 
									
										
										
										
											2021-01-01 03:01:13 +00:00
										 |  |  | # Copyright 2020 Google LLC | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # Licensed under the Apache License, Version 2.0 (the "License"); | 
					
						
							|  |  |  | # you may not use this file except in compliance with the License. | 
					
						
							|  |  |  | # You may obtain a copy of the License at | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | #      http://www.apache.org/licenses/LICENSE-2.0 | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # Unless required by applicable law or agreed to in writing, software | 
					
						
							|  |  |  | # distributed under the License is distributed on an "AS IS" BASIS, | 
					
						
							|  |  |  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
					
						
							|  |  |  | # See the License for the specific language governing permissions and | 
					
						
							|  |  |  | # limitations under the License. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | require 'google/apis/core/base_service' | 
					
						
							|  |  |  | require 'google/apis/core/json_representation' | 
					
						
							|  |  |  | require 'google/apis/core/hashable' | 
					
						
							|  |  |  | require 'google/apis/errors' | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | module Google | 
					
						
							|  |  |  |   module Apis | 
					
						
							|  |  |  |     module IamV1 | 
					
						
							|  |  |  |       # Identity and Access Management (IAM) API | 
					
						
							|  |  |  |       # | 
					
						
							|  |  |  |       # Manages identity and access control for Google Cloud Platform resources, | 
					
						
							|  |  |  |       #  including the creation of service accounts, which you can use to authenticate | 
					
						
							|  |  |  |       #  to Google and make API calls. | 
					
						
							|  |  |  |       # | 
					
						
							|  |  |  |       # @example | 
					
						
							|  |  |  |       #    require 'google/apis/iam_v1' | 
					
						
							|  |  |  |       # | 
					
						
							|  |  |  |       #    Iam = Google::Apis::IamV1 # Alias the module | 
					
						
							|  |  |  |       #    service = Iam::IamService.new | 
					
						
							|  |  |  |       # | 
					
						
							|  |  |  |       # @see https://cloud.google.com/iam/ | 
					
						
							|  |  |  |       class IamService < Google::Apis::Core::BaseService | 
					
						
							|  |  |  |         # @return [String] | 
					
						
							|  |  |  |         #  API key. Your API key identifies your project and provides you with API access, | 
					
						
							|  |  |  |         #  quota, and reports. Required unless you provide an OAuth 2.0 token. | 
					
						
							|  |  |  |         attr_accessor :key | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         # @return [String] | 
					
						
							|  |  |  |         #  Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #  arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         attr_accessor :quota_user | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         def initialize | 
					
						
							| 
									
										
										
										
											2021-01-01 17:40:59 +00:00
										 |  |  |           super('https://iam.googleapis.com/', '', | 
					
						
							|  |  |  |                 client_name: 'google-apis-iam_v1', | 
					
						
							|  |  |  |                 client_version: Google::Apis::IamV1::GEM_VERSION) | 
					
						
							| 
									
										
										
										
											2021-01-01 03:01:13 +00:00
										 |  |  |           @batch_path = 'batch' | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. | 
					
						
							|  |  |  |         # condition field, which contains a condition expression for a role binding. | 
					
						
							|  |  |  |         # Successful calls to this method always return an HTTP `200 OK` status code, | 
					
						
							|  |  |  |         # even if the linter detects an issue in the IAM policy. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::LintPolicyResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation | 
					
						
							|  |  |  |           command.request_object = lint_policy_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::LintPolicyResponse | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Returns a list of services that allow you to opt into audit logs that are not | 
					
						
							|  |  |  |         # generated by default. To learn more about audit logs, see the [Logging | 
					
						
							|  |  |  |         # documentation](https://cloud.google.com/logging/docs/audit). | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::QueryAuditableServicesResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation | 
					
						
							|  |  |  |           command.request_object = query_auditable_services_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Creates a new custom Role. | 
					
						
							|  |  |  |         # @param [String] parent | 
					
						
							|  |  |  |         #   The `parent` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.create()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates | 
					
						
							|  |  |  |         #   project-level [custom roles](/iam/docs/understanding-custom-roles). Example | 
					
						
							|  |  |  |         #   request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` | 
					
						
							|  |  |  |         #   organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ | 
					
						
							|  |  |  |         #   create): `organizations/`ORGANIZATION_ID``. This method creates organization- | 
					
						
							|  |  |  |         #   level [custom roles](/iam/docs/understanding-custom-roles). Example request | 
					
						
							|  |  |  |         #   URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` | 
					
						
							|  |  |  |         #   Note: Wildcard (*) values are invalid; you must specify a complete project ID | 
					
						
							|  |  |  |         #   or organization ID. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+parent}/roles', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation | 
					
						
							|  |  |  |           command.request_object = create_role_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['parent'] = parent unless parent.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Deletes a custom Role. When you delete a custom role, the following changes | 
					
						
							|  |  |  |         # occur immediately: * You cannot bind a member to the custom role in an IAM | 
					
						
							|  |  |  |         # Policy. * Existing bindings to the custom role are not changed, but they have | 
					
						
							|  |  |  |         # no effect. * By default, the response from ListRoles does not include the | 
					
						
							|  |  |  |         # custom role. You have 7 days to undelete the custom role. After 7 days, the | 
					
						
							|  |  |  |         # following changes occur: * The custom role is permanently deleted and cannot | 
					
						
							|  |  |  |         # be recovered. * If an IAM policy contains a binding to the custom role, the | 
					
						
							|  |  |  |         # binding is permanently removed. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.delete()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. | 
					
						
							|  |  |  |         #   This method deletes only [custom roles](/iam/docs/understanding-custom-roles) | 
					
						
							|  |  |  |         #   that have been created at the project level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` | 
					
						
							|  |  |  |         #   organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/ | 
					
						
							|  |  |  |         #   delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method | 
					
						
							|  |  |  |         #   deletes only [custom roles](/iam/docs/understanding-custom-roles) that have | 
					
						
							|  |  |  |         #   been created at the organization level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: | 
					
						
							|  |  |  |         #   Wildcard (*) values are invalid; you must specify a complete project ID or | 
					
						
							|  |  |  |         #   organization ID. | 
					
						
							|  |  |  |         # @param [String] etag | 
					
						
							|  |  |  |         #   Used to perform a consistent read-modify-write. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:delete, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['etag'] = etag unless etag.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets the definition of a Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles). Each resource type's `name` value format is described | 
					
						
							|  |  |  |         #   below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME`` | 
					
						
							|  |  |  |         #   . This method returns results from all [predefined roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` | 
					
						
							|  |  |  |         #   https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/ | 
					
						
							|  |  |  |         #   iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the project level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the organization level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; | 
					
						
							|  |  |  |         #   you must specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists every predefined Role that IAM supports, or every custom role that is | 
					
						
							|  |  |  |         # defined for an organization or project. | 
					
						
							|  |  |  |         # @param [String] parent | 
					
						
							|  |  |  |         #   The `parent` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles). Each resource type's `parent` value format is described | 
					
						
							|  |  |  |         #   below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. | 
					
						
							|  |  |  |         #   This method doesn't require a resource; it simply returns all [predefined | 
					
						
							|  |  |  |         #   roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example | 
					
						
							|  |  |  |         #   request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`]( | 
					
						
							|  |  |  |         #   /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This | 
					
						
							|  |  |  |         #   method lists all project-level [custom roles](/iam/docs/understanding-custom- | 
					
						
							|  |  |  |         #   roles). Example request URL: `https://iam.googleapis.com/v1/projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method | 
					
						
							|  |  |  |         #   lists all organization-level [custom roles](/iam/docs/understanding-custom- | 
					
						
							|  |  |  |         #   roles). Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must | 
					
						
							|  |  |  |         #   specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [Fixnum] page_size | 
					
						
							|  |  |  |         #   Optional limit on the number of roles to include in the response. The default | 
					
						
							|  |  |  |         #   is 300, and the maximum is 1,000. | 
					
						
							|  |  |  |         # @param [String] page_token | 
					
						
							|  |  |  |         #   Optional pagination token returned in an earlier ListRolesResponse. | 
					
						
							|  |  |  |         # @param [Boolean] show_deleted | 
					
						
							|  |  |  |         #   Include Roles that have been deleted. | 
					
						
							|  |  |  |         # @param [String] view | 
					
						
							|  |  |  |         #   Optional view for the returned Role objects. When `FULL` is specified, the ` | 
					
						
							|  |  |  |         #   includedPermissions` field is returned, which includes a list of all | 
					
						
							|  |  |  |         #   permissions in the role. The default value is `BASIC`, which does not return | 
					
						
							|  |  |  |         #   the `includedPermissions` field. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ListRolesResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+parent}/roles', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ListRolesResponse | 
					
						
							|  |  |  |           command.params['parent'] = parent unless parent.nil? | 
					
						
							|  |  |  |           command.query['pageSize'] = page_size unless page_size.nil? | 
					
						
							|  |  |  |           command.query['pageToken'] = page_token unless page_token.nil? | 
					
						
							|  |  |  |           command.query['showDeleted'] = show_deleted unless show_deleted.nil? | 
					
						
							|  |  |  |           command.query['view'] = view unless view.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Updates the definition of a custom Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.patch()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. | 
					
						
							|  |  |  |         #   This method updates only [custom roles](/iam/docs/understanding-custom-roles) | 
					
						
							|  |  |  |         #   that have been created at the project level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` | 
					
						
							|  |  |  |         #   organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch) | 
					
						
							|  |  |  |         #   : `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method | 
					
						
							|  |  |  |         #   updates only [custom roles](/iam/docs/understanding-custom-roles) that have | 
					
						
							|  |  |  |         #   been created at the organization level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: | 
					
						
							|  |  |  |         #   Wildcard (*) values are invalid; you must specify a complete project ID or | 
					
						
							|  |  |  |         #   organization ID. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::Role] role_object | 
					
						
							|  |  |  |         # @param [String] update_mask | 
					
						
							|  |  |  |         #   A mask describing which fields in the Role have changed. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:patch, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.request_object = role_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['updateMask'] = update_mask unless update_mask.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Undeletes a custom Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.undelete()`](/iam/ | 
					
						
							|  |  |  |         #   reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the project level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the organization level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; | 
					
						
							|  |  |  |         #   you must specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:undelete', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation | 
					
						
							|  |  |  |           command.request_object = undelete_role_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists every permission that you can test on a resource. A permission is | 
					
						
							|  |  |  |         # testable if you can check whether a member has that permission on the resource. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::QueryTestablePermissionsResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation | 
					
						
							|  |  |  |           command.request_object = query_testable_permissions_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets the latest state of a long-running operation. Clients can use this method | 
					
						
							|  |  |  |         # to poll the operation result at intervals as recommended by the API service. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The name of the operation resource. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Operation] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Operation::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Operation | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets the latest state of a long-running operation. Clients can use this method | 
					
						
							|  |  |  |         # to poll the operation result at intervals as recommended by the API service. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The name of the operation resource. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Operation] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Operation::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Operation | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Creates a new custom Role. | 
					
						
							|  |  |  |         # @param [String] parent | 
					
						
							|  |  |  |         #   The `parent` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.create()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates | 
					
						
							|  |  |  |         #   project-level [custom roles](/iam/docs/understanding-custom-roles). Example | 
					
						
							|  |  |  |         #   request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles` * [` | 
					
						
							|  |  |  |         #   organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/ | 
					
						
							|  |  |  |         #   create): `organizations/`ORGANIZATION_ID``. This method creates organization- | 
					
						
							|  |  |  |         #   level [custom roles](/iam/docs/understanding-custom-roles). Example request | 
					
						
							|  |  |  |         #   URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` | 
					
						
							|  |  |  |         #   Note: Wildcard (*) values are invalid; you must specify a complete project ID | 
					
						
							|  |  |  |         #   or organization ID. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+parent}/roles', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation | 
					
						
							|  |  |  |           command.request_object = create_role_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['parent'] = parent unless parent.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Deletes a custom Role. When you delete a custom role, the following changes | 
					
						
							|  |  |  |         # occur immediately: * You cannot bind a member to the custom role in an IAM | 
					
						
							|  |  |  |         # Policy. * Existing bindings to the custom role are not changed, but they have | 
					
						
							|  |  |  |         # no effect. * By default, the response from ListRoles does not include the | 
					
						
							|  |  |  |         # custom role. You have 7 days to undelete the custom role. After 7 days, the | 
					
						
							|  |  |  |         # following changes occur: * The custom role is permanently deleted and cannot | 
					
						
							|  |  |  |         # be recovered. * If an IAM policy contains a binding to the custom role, the | 
					
						
							|  |  |  |         # binding is permanently removed. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.delete()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. | 
					
						
							|  |  |  |         #   This method deletes only [custom roles](/iam/docs/understanding-custom-roles) | 
					
						
							|  |  |  |         #   that have been created at the project level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` | 
					
						
							|  |  |  |         #   organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/ | 
					
						
							|  |  |  |         #   delete): `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method | 
					
						
							|  |  |  |         #   deletes only [custom roles](/iam/docs/understanding-custom-roles) that have | 
					
						
							|  |  |  |         #   been created at the organization level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: | 
					
						
							|  |  |  |         #   Wildcard (*) values are invalid; you must specify a complete project ID or | 
					
						
							|  |  |  |         #   organization ID. | 
					
						
							|  |  |  |         # @param [String] etag | 
					
						
							|  |  |  |         #   Used to perform a consistent read-modify-write. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:delete, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['etag'] = etag unless etag.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets the definition of a Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles). Each resource type's `name` value format is described | 
					
						
							|  |  |  |         #   below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME`` | 
					
						
							|  |  |  |         #   . This method returns results from all [predefined roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` | 
					
						
							|  |  |  |         #   https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/ | 
					
						
							|  |  |  |         #   iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the project level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the organization level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; | 
					
						
							|  |  |  |         #   you must specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists every predefined Role that IAM supports, or every custom role that is | 
					
						
							|  |  |  |         # defined for an organization or project. | 
					
						
							|  |  |  |         # @param [String] parent | 
					
						
							|  |  |  |         #   The `parent` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles). Each resource type's `parent` value format is described | 
					
						
							|  |  |  |         #   below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. | 
					
						
							|  |  |  |         #   This method doesn't require a resource; it simply returns all [predefined | 
					
						
							|  |  |  |         #   roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example | 
					
						
							|  |  |  |         #   request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`]( | 
					
						
							|  |  |  |         #   /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This | 
					
						
							|  |  |  |         #   method lists all project-level [custom roles](/iam/docs/understanding-custom- | 
					
						
							|  |  |  |         #   roles). Example request URL: `https://iam.googleapis.com/v1/projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method | 
					
						
							|  |  |  |         #   lists all organization-level [custom roles](/iam/docs/understanding-custom- | 
					
						
							|  |  |  |         #   roles). Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must | 
					
						
							|  |  |  |         #   specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [Fixnum] page_size | 
					
						
							|  |  |  |         #   Optional limit on the number of roles to include in the response. The default | 
					
						
							|  |  |  |         #   is 300, and the maximum is 1,000. | 
					
						
							|  |  |  |         # @param [String] page_token | 
					
						
							|  |  |  |         #   Optional pagination token returned in an earlier ListRolesResponse. | 
					
						
							|  |  |  |         # @param [Boolean] show_deleted | 
					
						
							|  |  |  |         #   Include Roles that have been deleted. | 
					
						
							|  |  |  |         # @param [String] view | 
					
						
							|  |  |  |         #   Optional view for the returned Role objects. When `FULL` is specified, the ` | 
					
						
							|  |  |  |         #   includedPermissions` field is returned, which includes a list of all | 
					
						
							|  |  |  |         #   permissions in the role. The default value is `BASIC`, which does not return | 
					
						
							|  |  |  |         #   the `includedPermissions` field. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ListRolesResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+parent}/roles', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ListRolesResponse | 
					
						
							|  |  |  |           command.params['parent'] = parent unless parent.nil? | 
					
						
							|  |  |  |           command.query['pageSize'] = page_size unless page_size.nil? | 
					
						
							|  |  |  |           command.query['pageToken'] = page_token unless page_token.nil? | 
					
						
							|  |  |  |           command.query['showDeleted'] = show_deleted unless show_deleted.nil? | 
					
						
							|  |  |  |           command.query['view'] = view unless view.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Updates the definition of a custom Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.patch()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. | 
					
						
							|  |  |  |         #   This method updates only [custom roles](/iam/docs/understanding-custom-roles) | 
					
						
							|  |  |  |         #   that have been created at the project level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * [` | 
					
						
							|  |  |  |         #   organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch) | 
					
						
							|  |  |  |         #   : `organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method | 
					
						
							|  |  |  |         #   updates only [custom roles](/iam/docs/understanding-custom-roles) that have | 
					
						
							|  |  |  |         #   been created at the organization level. Example request URL: `https://iam. | 
					
						
							|  |  |  |         #   googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: | 
					
						
							|  |  |  |         #   Wildcard (*) values are invalid; you must specify a complete project ID or | 
					
						
							|  |  |  |         #   organization ID. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::Role] role_object | 
					
						
							|  |  |  |         # @param [String] update_mask | 
					
						
							|  |  |  |         #   A mask describing which fields in the Role have changed. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:patch, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.request_object = role_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['updateMask'] = update_mask unless update_mask.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Undeletes a custom Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`] | 
					
						
							|  |  |  |         #   (/iam/reference/rest/v1/organizations.roles). Each resource type's `name` | 
					
						
							|  |  |  |         #   value format is described below: * [`projects.roles.undelete()`](/iam/ | 
					
						
							|  |  |  |         #   reference/rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the project level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/organizations.roles/undelete): `organizations/`ORGANIZATION_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method undeletes only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the organization level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; | 
					
						
							|  |  |  |         #   you must specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:undelete', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation | 
					
						
							|  |  |  |           command.request_object = undelete_role_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Creates a ServiceAccount. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the project associated with the service | 
					
						
							|  |  |  |         #   accounts, such as `projects/my-project-123`. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccount] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation | 
					
						
							|  |  |  |           command.request_object = create_service_account_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccount | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Deletes a ServiceAccount. **Warning:** After you delete a service account, you | 
					
						
							|  |  |  |         # might not be able to undelete it. If you know that you need to re-enable the | 
					
						
							|  |  |  |         # service account in the future, use DisableServiceAccount instead. If you | 
					
						
							|  |  |  |         # delete a service account, IAM permanently removes the service account 30 days | 
					
						
							|  |  |  |         # later. Google Cloud cannot recover the service account after it is permanently | 
					
						
							|  |  |  |         # removed, even if you file a support request. To help avoid unplanned outages, | 
					
						
							|  |  |  |         # we recommend that you disable the service account before you delete it. Use | 
					
						
							|  |  |  |         # DisableServiceAccount to disable the service account, then wait at least 24 | 
					
						
							|  |  |  |         # hours and watch for unintended consequences. If there are no unintended | 
					
						
							|  |  |  |         # consequences, you can delete the service account. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the service account in the following format: ` | 
					
						
							|  |  |  |         #   projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for | 
					
						
							|  |  |  |         #   the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value | 
					
						
							|  |  |  |         #   can be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Empty] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:delete, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Empty::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Empty | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Disables a ServiceAccount immediately. If an application uses the service | 
					
						
							|  |  |  |         # account to authenticate, that application can no longer call Google APIs or | 
					
						
							|  |  |  |         # access Google Cloud resources. Existing access tokens for the service account | 
					
						
							|  |  |  |         # are rejected, and requests for new access tokens will fail. To re-enable the | 
					
						
							|  |  |  |         # service account, use EnableServiceAccount. After you re-enable the service | 
					
						
							|  |  |  |         # account, its existing access tokens will be accepted, and you can request new | 
					
						
							|  |  |  |         # access tokens. To help avoid unplanned outages, we recommend that you disable | 
					
						
							|  |  |  |         # the service account before you delete it. Use this method to disable the | 
					
						
							|  |  |  |         # service account, then wait at least 24 hours and watch for unintended | 
					
						
							|  |  |  |         # consequences. If there are no unintended consequences, you can delete the | 
					
						
							|  |  |  |         # service account with DeleteServiceAccount. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The resource name of the service account in the following format: `projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` | 
					
						
							|  |  |  |         #   PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can | 
					
						
							|  |  |  |         #   be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Empty] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:disable', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation | 
					
						
							|  |  |  |           command.request_object = disable_service_account_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Empty::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Empty | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Enables a ServiceAccount that was disabled by DisableServiceAccount. If the | 
					
						
							|  |  |  |         # service account is already enabled, then this method has no effect. If the | 
					
						
							|  |  |  |         # service account was disabled by other means—for example, if Google disabled | 
					
						
							|  |  |  |         # the service account because it was compromised—you cannot use this method to | 
					
						
							|  |  |  |         # enable the service account. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The resource name of the service account in the following format: `projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` | 
					
						
							|  |  |  |         #   PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can | 
					
						
							|  |  |  |         #   be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Empty] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:enable', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation | 
					
						
							|  |  |  |           command.request_object = enable_service_account_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Empty::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Empty | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets a ServiceAccount. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the service account in the following format: ` | 
					
						
							|  |  |  |         #   projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for | 
					
						
							|  |  |  |         #   the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value | 
					
						
							|  |  |  |         #   can be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccount] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccount | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets the IAM policy that is attached to a ServiceAccount. This IAM policy | 
					
						
							|  |  |  |         # specifies which members have access to the service account. This method does | 
					
						
							|  |  |  |         # not tell you whether the service account has been granted any roles on other | 
					
						
							|  |  |  |         # resources. To check whether a service account has role grants on a resource, | 
					
						
							|  |  |  |         # use the `getIamPolicy` method for that resource. For example, to view the role | 
					
						
							|  |  |  |         # grants for a project, call the Resource Manager API's [`projects.getIamPolicy`] | 
					
						
							|  |  |  |         # (https://cloud.google.com/resource-manager/reference/rest/v1/projects/ | 
					
						
							|  |  |  |         # getIamPolicy) method. | 
					
						
							|  |  |  |         # @param [String] resource | 
					
						
							|  |  |  |         #   REQUIRED: The resource for which the policy is being requested. See the | 
					
						
							|  |  |  |         #   operation documentation for the appropriate value for this field. | 
					
						
							|  |  |  |         # @param [Fixnum] options_requested_policy_version | 
					
						
							|  |  |  |         #   Optional. The policy format version to be returned. Valid values are 0, 1, and | 
					
						
							|  |  |  |         #   3. Requests specifying an invalid value will be rejected. Requests for | 
					
						
							|  |  |  |         #   policies with any conditional bindings must specify version 3. Policies | 
					
						
							|  |  |  |         #   without any conditional bindings may specify any valid value or leave the | 
					
						
							|  |  |  |         #   field unset. To learn which resources support conditions in their IAM policies, | 
					
						
							|  |  |  |         #   see the [IAM documentation](https://cloud.google.com/iam/help/conditions/ | 
					
						
							|  |  |  |         #   resource-policies). | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Policy] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Policy::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Policy | 
					
						
							|  |  |  |           command.params['resource'] = resource unless resource.nil? | 
					
						
							|  |  |  |           command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists every ServiceAccount that belongs to a specific project. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the project associated with the service | 
					
						
							|  |  |  |         #   accounts, such as `projects/my-project-123`. | 
					
						
							|  |  |  |         # @param [Fixnum] page_size | 
					
						
							|  |  |  |         #   Optional limit on the number of service accounts to include in the response. | 
					
						
							|  |  |  |         #   Further accounts can subsequently be obtained by including the | 
					
						
							|  |  |  |         #   ListServiceAccountsResponse.next_page_token in a subsequent request. The | 
					
						
							|  |  |  |         #   default is 20, and the maximum is 100. | 
					
						
							|  |  |  |         # @param [String] page_token | 
					
						
							|  |  |  |         #   Optional pagination token returned in an earlier ListServiceAccountsResponse. | 
					
						
							|  |  |  |         #   next_page_token. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ListServiceAccountsResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['pageSize'] = page_size unless page_size.nil? | 
					
						
							|  |  |  |           command.query['pageToken'] = page_token unless page_token.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Patches a ServiceAccount. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The resource name of the service account. Use one of the following formats: * ` | 
					
						
							|  |  |  |         #   projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` | 
					
						
							|  |  |  |         #   /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard | 
					
						
							|  |  |  |         #   character instead of the project ID: * `projects/-/serviceAccounts/` | 
					
						
							|  |  |  |         #   EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, | 
					
						
							|  |  |  |         #   avoid using the `-` wildcard character, because it can cause response messages | 
					
						
							|  |  |  |         #   to contain misleading error codes. For example, if you try to get the service | 
					
						
							|  |  |  |         #   account `projects/-/serviceAccounts/fake@example.com`, which does not exist, | 
					
						
							|  |  |  |         #   the response contains an HTTP `403 Forbidden` error instead of a `404 Not | 
					
						
							|  |  |  |         #   Found` error. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccount] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:patch, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation | 
					
						
							|  |  |  |           command.request_object = patch_service_account_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccount | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Sets the IAM policy that is attached to a ServiceAccount. Use this method to | 
					
						
							|  |  |  |         # grant or revoke access to the service account. For example, you could grant a | 
					
						
							|  |  |  |         # member the ability to impersonate the service account. This method does not | 
					
						
							|  |  |  |         # enable the service account to access other resources. To grant roles to a | 
					
						
							|  |  |  |         # service account on a resource, follow these steps: 1. Call the resource's ` | 
					
						
							|  |  |  |         # getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that | 
					
						
							|  |  |  |         # it binds the service account to an IAM role for the resource. 3. Call the | 
					
						
							|  |  |  |         # resource's `setIamPolicy` method to update its IAM policy. For detailed | 
					
						
							|  |  |  |         # instructions, see [Granting roles to a service account for specific resources]( | 
					
						
							|  |  |  |         # https://cloud.google.com/iam/help/service-accounts/granting-access-to-service- | 
					
						
							|  |  |  |         # accounts). | 
					
						
							|  |  |  |         # @param [String] resource | 
					
						
							|  |  |  |         #   REQUIRED: The resource for which the policy is being specified. See the | 
					
						
							|  |  |  |         #   operation documentation for the appropriate value for this field. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Policy] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation | 
					
						
							|  |  |  |           command.request_object = set_iam_policy_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Policy::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Policy | 
					
						
							|  |  |  |           command.params['resource'] = resource unless resource.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # **Note:** This method is deprecated and will stop working on July 1, 2021. Use | 
					
						
							|  |  |  |         # the [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/ | 
					
						
							|  |  |  |         # projects.serviceAccounts/signBlob) method in the IAM Service Account | 
					
						
							|  |  |  |         # Credentials API instead. If you currently use this method, see the [migration | 
					
						
							|  |  |  |         # guide](https://cloud.google.com/iam/help/credentials/migrate-api) for | 
					
						
							|  |  |  |         # instructions. Signs a blob using the system-managed private key for a | 
					
						
							|  |  |  |         # ServiceAccount. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. Deprecated. [Migrate to Service Account Credentials API](https:// | 
					
						
							|  |  |  |         #   cloud.google.com/iam/help/credentials/migrate-api). The resource name of the | 
					
						
							|  |  |  |         #   service account in the following format: `projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will | 
					
						
							|  |  |  |         #   infer the project from the account. The `ACCOUNT` value can be the `email` | 
					
						
							|  |  |  |         #   address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::SignBlobResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:signBlob', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation | 
					
						
							|  |  |  |           command.request_object = sign_blob_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::SignBlobResponse | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # **Note:** This method is deprecated and will stop working on July 1, 2021. Use | 
					
						
							|  |  |  |         # the [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects. | 
					
						
							|  |  |  |         # serviceAccounts/signJwt) method in the IAM Service Account Credentials API | 
					
						
							|  |  |  |         # instead. If you currently use this method, see the [migration guide](https:// | 
					
						
							|  |  |  |         # cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a | 
					
						
							|  |  |  |         # JSON Web Token (JWT) using the system-managed private key for a ServiceAccount. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. Deprecated. [Migrate to Service Account Credentials API](https:// | 
					
						
							|  |  |  |         #   cloud.google.com/iam/help/credentials/migrate-api). The resource name of the | 
					
						
							|  |  |  |         #   service account in the following format: `projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will | 
					
						
							|  |  |  |         #   infer the project from the account. The `ACCOUNT` value can be the `email` | 
					
						
							|  |  |  |         #   address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::SignJwtResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:signJwt', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation | 
					
						
							|  |  |  |           command.request_object = sign_jwt_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::SignJwtResponse | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Tests whether the caller has the specified permissions on a ServiceAccount. | 
					
						
							|  |  |  |         # @param [String] resource | 
					
						
							|  |  |  |         #   REQUIRED: The resource for which the policy detail is being requested. See the | 
					
						
							|  |  |  |         #   operation documentation for the appropriate value for this field. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::TestIamPermissionsResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation | 
					
						
							|  |  |  |           command.request_object = test_iam_permissions_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse | 
					
						
							|  |  |  |           command.params['resource'] = resource unless resource.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Restores a deleted ServiceAccount. **Important:** It is not always possible to | 
					
						
							|  |  |  |         # restore a deleted service account. Use this method only as a last resort. | 
					
						
							|  |  |  |         # After you delete a service account, IAM permanently removes the service | 
					
						
							|  |  |  |         # account 30 days later. There is no way to restore a deleted service account | 
					
						
							|  |  |  |         # that has been permanently removed. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The resource name of the service account in the following format: `projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. Using `-` as a wildcard for | 
					
						
							|  |  |  |         #   the `PROJECT_ID` will infer the project from the account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::UndeleteServiceAccountResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}:undelete', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation | 
					
						
							|  |  |  |           command.request_object = undelete_service_account_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # **Note:** We are in the process of deprecating this method. Use | 
					
						
							|  |  |  |         # PatchServiceAccount instead. Updates a ServiceAccount. You can update only the | 
					
						
							|  |  |  |         # `display_name` and `description` fields. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The resource name of the service account. Use one of the following formats: * ` | 
					
						
							|  |  |  |         #   projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` | 
					
						
							|  |  |  |         #   /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard | 
					
						
							|  |  |  |         #   character instead of the project ID: * `projects/-/serviceAccounts/` | 
					
						
							|  |  |  |         #   EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, | 
					
						
							|  |  |  |         #   avoid using the `-` wildcard character, because it can cause response messages | 
					
						
							|  |  |  |         #   to contain misleading error codes. For example, if you try to get the service | 
					
						
							|  |  |  |         #   account `projects/-/serviceAccounts/fake@example.com`, which does not exist, | 
					
						
							|  |  |  |         #   the response contains an HTTP `403 Forbidden` error instead of a `404 Not | 
					
						
							|  |  |  |         #   Found` error. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::ServiceAccount] service_account_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccount] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:put, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation | 
					
						
							|  |  |  |           command.request_object = service_account_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccount | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Creates a ServiceAccountKey. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the service account in the following format: ` | 
					
						
							|  |  |  |         #   projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for | 
					
						
							|  |  |  |         #   the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value | 
					
						
							|  |  |  |         #   can be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccountKey] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}/keys', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation | 
					
						
							|  |  |  |           command.request_object = create_service_account_key_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccountKey | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Deletes a ServiceAccountKey. Deleting a service account key does not revoke | 
					
						
							|  |  |  |         # short-lived credentials that have been issued based on the service account key. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the service account key in the following format: | 
					
						
							|  |  |  |         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a | 
					
						
							|  |  |  |         #   wildcard for the `PROJECT_ID` will infer the project from the account. The ` | 
					
						
							|  |  |  |         #   ACCOUNT` value can be the `email` address or the `unique_id` of the service | 
					
						
							|  |  |  |         #   account. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Empty] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:delete, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Empty::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Empty | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets a ServiceAccountKey. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the service account key in the following format: | 
					
						
							|  |  |  |         #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a | 
					
						
							|  |  |  |         #   wildcard for the `PROJECT_ID` will infer the project from the account. The ` | 
					
						
							|  |  |  |         #   ACCOUNT` value can be the `email` address or the `unique_id` of the service | 
					
						
							|  |  |  |         #   account. | 
					
						
							|  |  |  |         # @param [String] public_key_type | 
					
						
							|  |  |  |         #   The output format of the public key requested. X509_PEM is the default output | 
					
						
							|  |  |  |         #   format. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccountKey] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccountKey | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['publicKeyType'] = public_key_type unless public_key_type.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists every ServiceAccountKey for a service account. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   Required. The resource name of the service account in the following format: ` | 
					
						
							|  |  |  |         #   projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for | 
					
						
							|  |  |  |         #   the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value | 
					
						
							|  |  |  |         #   can be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Array<String>, String] key_types | 
					
						
							|  |  |  |         #   Filters the types of keys the user wants to include in the list response. | 
					
						
							|  |  |  |         #   Duplicate key types are not allowed. If no key type is provided, all keys are | 
					
						
							|  |  |  |         #   returned. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ListServiceAccountKeysResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}/keys', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['keyTypes'] = key_types unless key_types.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Creates a ServiceAccountKey, using a public key that you provide. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The resource name of the service account in the following format: `projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` | 
					
						
							|  |  |  |         #   PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can | 
					
						
							|  |  |  |         #   be the `email` address or the `unique_id` of the service account. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ServiceAccountKey] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/{+name}/keys:upload', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation | 
					
						
							|  |  |  |           command.request_object = upload_service_account_key_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ServiceAccountKey | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Gets the definition of a Role. | 
					
						
							|  |  |  |         # @param [String] name | 
					
						
							|  |  |  |         #   The `name` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles). Each resource type's `name` value format is described | 
					
						
							|  |  |  |         #   below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/`ROLE_NAME`` | 
					
						
							|  |  |  |         #   . This method returns results from all [predefined roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-roles#predefined_roles) in Cloud IAM. Example request URL: ` | 
					
						
							|  |  |  |         #   https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [`projects.roles.get()`](/ | 
					
						
							|  |  |  |         #   iam/reference/rest/v1/projects.roles/get): `projects/`PROJECT_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the project level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ | 
					
						
							|  |  |  |         #   roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.get()`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` | 
					
						
							|  |  |  |         #   CUSTOM_ROLE_ID``. This method returns only [custom roles](/iam/docs/ | 
					
						
							|  |  |  |         #   understanding-custom-roles) that have been created at the organization level. | 
					
						
							|  |  |  |         #   Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) values are invalid; | 
					
						
							|  |  |  |         #   you must specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::Role] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::Role] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def get_role(name, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/{+name}', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::Role::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::Role | 
					
						
							|  |  |  |           command.params['name'] = name unless name.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists every predefined Role that IAM supports, or every custom role that is | 
					
						
							|  |  |  |         # defined for an organization or project. | 
					
						
							|  |  |  |         # @param [Fixnum] page_size | 
					
						
							|  |  |  |         #   Optional limit on the number of roles to include in the response. The default | 
					
						
							|  |  |  |         #   is 300, and the maximum is 1,000. | 
					
						
							|  |  |  |         # @param [String] page_token | 
					
						
							|  |  |  |         #   Optional pagination token returned in an earlier ListRolesResponse. | 
					
						
							|  |  |  |         # @param [String] parent | 
					
						
							|  |  |  |         #   The `parent` parameter's value depends on the target resource for the request, | 
					
						
							|  |  |  |         #   namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/ | 
					
						
							|  |  |  |         #   rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles). Each resource type's `parent` value format is described | 
					
						
							|  |  |  |         #   below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. | 
					
						
							|  |  |  |         #   This method doesn't require a resource; it simply returns all [predefined | 
					
						
							|  |  |  |         #   roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example | 
					
						
							|  |  |  |         #   request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`]( | 
					
						
							|  |  |  |         #   /iam/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This | 
					
						
							|  |  |  |         #   method lists all project-level [custom roles](/iam/docs/understanding-custom- | 
					
						
							|  |  |  |         #   roles). Example request URL: `https://iam.googleapis.com/v1/projects/` | 
					
						
							|  |  |  |         #   PROJECT_ID`/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/ | 
					
						
							|  |  |  |         #   organizations.roles/list): `organizations/`ORGANIZATION_ID``. This method | 
					
						
							|  |  |  |         #   lists all organization-level [custom roles](/iam/docs/understanding-custom- | 
					
						
							|  |  |  |         #   roles). Example request URL: `https://iam.googleapis.com/v1/organizations/` | 
					
						
							|  |  |  |         #   ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must | 
					
						
							|  |  |  |         #   specify a complete project ID or organization ID. | 
					
						
							|  |  |  |         # @param [Boolean] show_deleted | 
					
						
							|  |  |  |         #   Include Roles that have been deleted. | 
					
						
							|  |  |  |         # @param [String] view | 
					
						
							|  |  |  |         #   Optional view for the returned Role objects. When `FULL` is specified, the ` | 
					
						
							|  |  |  |         #   includedPermissions` field is returned, which includes a list of all | 
					
						
							|  |  |  |         #   permissions in the role. The default value is `BASIC`, which does not return | 
					
						
							|  |  |  |         #   the `includedPermissions` field. | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::ListRolesResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:get, 'v1/roles', options) | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::ListRolesResponse | 
					
						
							|  |  |  |           command.query['pageSize'] = page_size unless page_size.nil? | 
					
						
							|  |  |  |           command.query['pageToken'] = page_token unless page_token.nil? | 
					
						
							|  |  |  |           command.query['parent'] = parent unless parent.nil? | 
					
						
							|  |  |  |           command.query['showDeleted'] = show_deleted unless show_deleted.nil? | 
					
						
							|  |  |  |           command.query['view'] = view unless view.nil? | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |          | 
					
						
							|  |  |  |         # Lists roles that can be granted on a Google Cloud resource. A role is | 
					
						
							|  |  |  |         # grantable if the IAM policy for the resource can contain bindings to the role. | 
					
						
							|  |  |  |         # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object | 
					
						
							|  |  |  |         # @param [String] fields | 
					
						
							|  |  |  |         #   Selector specifying which fields to include in a partial response. | 
					
						
							|  |  |  |         # @param [String] quota_user | 
					
						
							|  |  |  |         #   Available to use for quota purposes for server-side applications. Can be any | 
					
						
							|  |  |  |         #   arbitrary string assigned to a user, but should not exceed 40 characters. | 
					
						
							|  |  |  |         # @param [Google::Apis::RequestOptions] options | 
					
						
							|  |  |  |         #   Request-specific options | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @yield [result, err] Result & error if block supplied | 
					
						
							|  |  |  |         # @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object | 
					
						
							|  |  |  |         # @yieldparam err [StandardError] error object if request failed | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @return [Google::Apis::IamV1::QueryGrantableRolesResponse] | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried | 
					
						
							|  |  |  |         # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification | 
					
						
							|  |  |  |         # @raise [Google::Apis::AuthorizationError] Authorization is required | 
					
						
							|  |  |  |         def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) | 
					
						
							|  |  |  |           command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options) | 
					
						
							|  |  |  |           command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation | 
					
						
							|  |  |  |           command.request_object = query_grantable_roles_request_object | 
					
						
							|  |  |  |           command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation | 
					
						
							|  |  |  |           command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse | 
					
						
							|  |  |  |           command.query['fields'] = fields unless fields.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |           execute_or_queue_command(command, &block) | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         protected | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         def apply_command_defaults(command) | 
					
						
							|  |  |  |           command.query['key'] = key unless key.nil? | 
					
						
							|  |  |  |           command.query['quotaUser'] = quota_user unless quota_user.nil? | 
					
						
							|  |  |  |         end | 
					
						
							|  |  |  |       end | 
					
						
							|  |  |  |     end | 
					
						
							|  |  |  |   end | 
					
						
							|  |  |  | end |