| // Copyright 2019 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // Code generated by gapic-generator. DO NOT EDIT. |
| |
| package admin |
| |
| import ( |
| "context" |
| "fmt" |
| "math" |
| "net/url" |
| "time" |
| |
| "github.com/golang/protobuf/proto" |
| gax "github.com/googleapis/gax-go/v2" |
| "google.golang.org/api/iterator" |
| "google.golang.org/api/option" |
| "google.golang.org/api/transport" |
| adminpb "google.golang.org/genproto/googleapis/iam/admin/v1" |
| iampb "google.golang.org/genproto/googleapis/iam/v1" |
| "google.golang.org/grpc" |
| "google.golang.org/grpc/codes" |
| "google.golang.org/grpc/metadata" |
| ) |
| |
| // IamCallOptions contains the retry settings for each method of IamClient. |
| type IamCallOptions struct { |
| ListServiceAccounts []gax.CallOption |
| GetServiceAccount []gax.CallOption |
| CreateServiceAccount []gax.CallOption |
| UpdateServiceAccount []gax.CallOption |
| DeleteServiceAccount []gax.CallOption |
| ListServiceAccountKeys []gax.CallOption |
| GetServiceAccountKey []gax.CallOption |
| CreateServiceAccountKey []gax.CallOption |
| DeleteServiceAccountKey []gax.CallOption |
| SignBlob []gax.CallOption |
| GetIamPolicy []gax.CallOption |
| SetIamPolicy []gax.CallOption |
| TestIamPermissions []gax.CallOption |
| QueryGrantableRoles []gax.CallOption |
| SignJwt []gax.CallOption |
| ListRoles []gax.CallOption |
| GetRole []gax.CallOption |
| CreateRole []gax.CallOption |
| UpdateRole []gax.CallOption |
| DeleteRole []gax.CallOption |
| UndeleteRole []gax.CallOption |
| QueryTestablePermissions []gax.CallOption |
| } |
| |
| func defaultIamClientOptions() []option.ClientOption { |
| return []option.ClientOption{ |
| option.WithEndpoint("iam.googleapis.com:443"), |
| option.WithScopes(DefaultAuthScopes()...), |
| option.WithGRPCDialOption(grpc.WithDefaultCallOptions( |
| grpc.MaxCallRecvMsgSize(math.MaxInt32))), |
| } |
| } |
| |
| func defaultIamCallOptions() *IamCallOptions { |
| retry := map[[2]string][]gax.CallOption{ |
| {"default", "idempotent"}: { |
| gax.WithRetry(func() gax.Retryer { |
| return gax.OnCodes([]codes.Code{ |
| codes.DeadlineExceeded, |
| codes.Unavailable, |
| }, gax.Backoff{ |
| Initial: 100 * time.Millisecond, |
| Max: 60000 * time.Millisecond, |
| Multiplier: 1.3, |
| }) |
| }), |
| }, |
| } |
| return &IamCallOptions{ |
| ListServiceAccounts: retry[[2]string{"default", "idempotent"}], |
| GetServiceAccount: retry[[2]string{"default", "idempotent"}], |
| CreateServiceAccount: retry[[2]string{"default", "non_idempotent"}], |
| UpdateServiceAccount: retry[[2]string{"default", "idempotent"}], |
| DeleteServiceAccount: retry[[2]string{"default", "idempotent"}], |
| ListServiceAccountKeys: retry[[2]string{"default", "idempotent"}], |
| GetServiceAccountKey: retry[[2]string{"default", "idempotent"}], |
| CreateServiceAccountKey: retry[[2]string{"default", "non_idempotent"}], |
| DeleteServiceAccountKey: retry[[2]string{"default", "idempotent"}], |
| SignBlob: retry[[2]string{"default", "non_idempotent"}], |
| GetIamPolicy: retry[[2]string{"default", "non_idempotent"}], |
| SetIamPolicy: retry[[2]string{"default", "non_idempotent"}], |
| TestIamPermissions: retry[[2]string{"default", "non_idempotent"}], |
| QueryGrantableRoles: retry[[2]string{"default", "non_idempotent"}], |
| SignJwt: retry[[2]string{"default", "non_idempotent"}], |
| ListRoles: retry[[2]string{"default", "idempotent"}], |
| GetRole: retry[[2]string{"default", "idempotent"}], |
| CreateRole: retry[[2]string{"default", "non_idempotent"}], |
| UpdateRole: retry[[2]string{"default", "non_idempotent"}], |
| DeleteRole: retry[[2]string{"default", "non_idempotent"}], |
| UndeleteRole: retry[[2]string{"default", "non_idempotent"}], |
| QueryTestablePermissions: retry[[2]string{"default", "non_idempotent"}], |
| } |
| } |
| |
| // IamClient is a client for interacting with Google Identity and Access Management (IAM) API. |
| // |
| // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. |
| type IamClient struct { |
| // The connection to the service. |
| conn *grpc.ClientConn |
| |
| // The gRPC API client. |
| iamClient adminpb.IAMClient |
| |
| // The call options for this service. |
| CallOptions *IamCallOptions |
| |
| // The x-goog-* metadata to be sent with each request. |
| xGoogMetadata metadata.MD |
| } |
| |
| // NewIamClient creates a new iam client. |
| // |
| // Creates and manages service account objects. |
| // |
| // Service account is an account that belongs to your project instead |
| // of to an individual end user. It is used to authenticate calls |
| // to a Google API. |
| // |
| // To create a service account, specify the project_id and account_id |
| // for the account. The account_id is unique within the project, and used |
| // to generate the service account email address and a stable |
| // unique_id. |
| // |
| // All other methods can identify accounts using the format |
| // projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. |
| // Using - as a wildcard for the project will infer the project from |
| // the account. The account value can be the email address or the |
| // unique_id of the service account. |
| func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error) { |
| conn, err := transport.DialGRPC(ctx, append(defaultIamClientOptions(), opts...)...) |
| if err != nil { |
| return nil, err |
| } |
| c := &IamClient{ |
| conn: conn, |
| CallOptions: defaultIamCallOptions(), |
| |
| iamClient: adminpb.NewIAMClient(conn), |
| } |
| c.setGoogleClientInfo() |
| return c, nil |
| } |
| |
| // Connection returns the client's connection to the API service. |
| func (c *IamClient) Connection() *grpc.ClientConn { |
| return c.conn |
| } |
| |
| // Close closes the connection to the API service. The user should invoke this when |
| // the client is no longer required. |
| func (c *IamClient) Close() error { |
| return c.conn.Close() |
| } |
| |
| // setGoogleClientInfo sets the name and version of the application in |
| // the `x-goog-api-client` header passed on each request. Intended for |
| // use by Google-written clients. |
| func (c *IamClient) setGoogleClientInfo(keyval ...string) { |
| kv := append([]string{"gl-go", versionGo()}, keyval...) |
| kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version) |
| c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...)) |
| } |
| |
| // ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project. |
| func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.ListServiceAccounts[0:len(c.CallOptions.ListServiceAccounts):len(c.CallOptions.ListServiceAccounts)], opts...) |
| it := &ServiceAccountIterator{} |
| req = proto.Clone(req).(*adminpb.ListServiceAccountsRequest) |
| it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.ServiceAccount, string, error) { |
| var resp *adminpb.ListServiceAccountsResponse |
| req.PageToken = pageToken |
| if pageSize > math.MaxInt32 { |
| req.PageSize = math.MaxInt32 |
| } else { |
| req.PageSize = int32(pageSize) |
| } |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.ListServiceAccounts(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, "", err |
| } |
| return resp.Accounts, resp.NextPageToken, nil |
| } |
| fetch := func(pageSize int, pageToken string) (string, error) { |
| items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) |
| if err != nil { |
| return "", err |
| } |
| it.items = append(it.items, items...) |
| return nextPageToken, nil |
| } |
| it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) |
| it.pageInfo.MaxSize = int(req.PageSize) |
| it.pageInfo.Token = req.PageToken |
| return it |
| } |
| |
| // GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. |
| func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.GetServiceAccount[0:len(c.CallOptions.GetServiceAccount):len(c.CallOptions.GetServiceAccount)], opts...) |
| var resp *adminpb.ServiceAccount |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.GetServiceAccount(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount] |
| // and returns it. |
| func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.CreateServiceAccount[0:len(c.CallOptions.CreateServiceAccount):len(c.CallOptions.CreateServiceAccount)], opts...) |
| var resp *adminpb.ServiceAccount |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.CreateServiceAccount(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. |
| // |
| // Currently, only the following fields are updatable: |
| // display_name . |
| // The etag is mandatory. |
| func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.UpdateServiceAccount[0:len(c.CallOptions.UpdateServiceAccount):len(c.CallOptions.UpdateServiceAccount)], opts...) |
| var resp *adminpb.ServiceAccount |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.UpdateServiceAccount(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. |
| func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.DeleteServiceAccount[0:len(c.CallOptions.DeleteServiceAccount):len(c.CallOptions.DeleteServiceAccount)], opts...) |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| _, err = c.iamClient.DeleteServiceAccount(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| return err |
| } |
| |
| // ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey]. |
| func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.ListServiceAccountKeys[0:len(c.CallOptions.ListServiceAccountKeys):len(c.CallOptions.ListServiceAccountKeys)], opts...) |
| var resp *adminpb.ListServiceAccountKeysResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.ListServiceAccountKeys(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] |
| // by key id. |
| func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.GetServiceAccountKey[0:len(c.CallOptions.GetServiceAccountKey):len(c.CallOptions.GetServiceAccountKey)], opts...) |
| var resp *adminpb.ServiceAccountKey |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.GetServiceAccountKey(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] |
| // and returns it. |
| func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.CreateServiceAccountKey[0:len(c.CallOptions.CreateServiceAccountKey):len(c.CallOptions.CreateServiceAccountKey)], opts...) |
| var resp *adminpb.ServiceAccountKey |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.CreateServiceAccountKey(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. |
| func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.DeleteServiceAccountKey[0:len(c.CallOptions.DeleteServiceAccountKey):len(c.CallOptions.DeleteServiceAccountKey)], opts...) |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| _, err = c.iamClient.DeleteServiceAccountKey(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| return err |
| } |
| |
| // SignBlob signs a blob using a service account's system-managed private key. |
| func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.SignBlob[0:len(c.CallOptions.SignBlob):len(c.CallOptions.SignBlob)], opts...) |
| var resp *adminpb.SignBlobResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.SignBlob(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // getIamPolicy returns the IAM access control policy for a |
| // [ServiceAccount][google.iam.admin.v1.ServiceAccount]. |
| func (c *IamClient) getIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.GetIamPolicy[0:len(c.CallOptions.GetIamPolicy):len(c.CallOptions.GetIamPolicy)], opts...) |
| var resp *iampb.Policy |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.GetIamPolicy(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // setIamPolicy sets the IAM access control policy for a |
| // [ServiceAccount][google.iam.admin.v1.ServiceAccount]. |
| func (c *IamClient) setIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.SetIamPolicy[0:len(c.CallOptions.SetIamPolicy):len(c.CallOptions.SetIamPolicy)], opts...) |
| var resp *iampb.Policy |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.SetIamPolicy(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // TestIamPermissions tests the specified permissions against the IAM access control policy |
| // for a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. |
| func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.TestIamPermissions[0:len(c.CallOptions.TestIamPermissions):len(c.CallOptions.TestIamPermissions)], opts...) |
| var resp *iampb.TestIamPermissionsResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.TestIamPermissions(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // QueryGrantableRoles queries roles that can be granted on a particular resource. |
| // A role is grantable if it can be used as the role in a binding for a policy |
| // for that resource. |
| func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error) { |
| ctx = insertMetadata(ctx, c.xGoogMetadata) |
| opts = append(c.CallOptions.QueryGrantableRoles[0:len(c.CallOptions.QueryGrantableRoles):len(c.CallOptions.QueryGrantableRoles)], opts...) |
| var resp *adminpb.QueryGrantableRolesResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.QueryGrantableRoles(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // SignJwt signs a JWT using a service account's system-managed private key. |
| // |
| // If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an |
| // expiry time of one hour by default. If you request an expiry time of |
| // more than one hour, the request will fail. |
| func (c *IamClient) SignJwt(ctx context.Context, req *adminpb.SignJwtRequest, opts ...gax.CallOption) (*adminpb.SignJwtResponse, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.SignJwt[0:len(c.CallOptions.SignJwt):len(c.CallOptions.SignJwt)], opts...) |
| var resp *adminpb.SignJwtResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.SignJwt(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // ListRoles lists the Roles defined on a resource. |
| func (c *IamClient) ListRoles(ctx context.Context, req *adminpb.ListRolesRequest, opts ...gax.CallOption) (*adminpb.ListRolesResponse, error) { |
| ctx = insertMetadata(ctx, c.xGoogMetadata) |
| opts = append(c.CallOptions.ListRoles[0:len(c.CallOptions.ListRoles):len(c.CallOptions.ListRoles)], opts...) |
| var resp *adminpb.ListRolesResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.ListRoles(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // GetRole gets a Role definition. |
| func (c *IamClient) GetRole(ctx context.Context, req *adminpb.GetRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.GetRole[0:len(c.CallOptions.GetRole):len(c.CallOptions.GetRole)], opts...) |
| var resp *adminpb.Role |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.GetRole(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // CreateRole creates a new Role. |
| func (c *IamClient) CreateRole(ctx context.Context, req *adminpb.CreateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.CreateRole[0:len(c.CallOptions.CreateRole):len(c.CallOptions.CreateRole)], opts...) |
| var resp *adminpb.Role |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.CreateRole(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // UpdateRole updates a Role definition. |
| func (c *IamClient) UpdateRole(ctx context.Context, req *adminpb.UpdateRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.UpdateRole[0:len(c.CallOptions.UpdateRole):len(c.CallOptions.UpdateRole)], opts...) |
| var resp *adminpb.Role |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.UpdateRole(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // DeleteRole soft deletes a role. The role is suspended and cannot be used to create new |
| // IAM Policy Bindings. |
| // The Role will not be included in ListRoles() unless show_deleted is set |
| // in the ListRolesRequest. The Role contains the deleted boolean set. |
| // Existing Bindings remains, but are inactive. The Role can be undeleted |
| // within 7 days. After 7 days the Role is deleted and all Bindings associated |
| // with the role are removed. |
| func (c *IamClient) DeleteRole(ctx context.Context, req *adminpb.DeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.DeleteRole[0:len(c.CallOptions.DeleteRole):len(c.CallOptions.DeleteRole)], opts...) |
| var resp *adminpb.Role |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.DeleteRole(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // UndeleteRole undelete a Role, bringing it back in its previous state. |
| func (c *IamClient) UndeleteRole(ctx context.Context, req *adminpb.UndeleteRoleRequest, opts ...gax.CallOption) (*adminpb.Role, error) { |
| md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) |
| ctx = insertMetadata(ctx, c.xGoogMetadata, md) |
| opts = append(c.CallOptions.UndeleteRole[0:len(c.CallOptions.UndeleteRole):len(c.CallOptions.UndeleteRole)], opts...) |
| var resp *adminpb.Role |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.UndeleteRole(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // QueryTestablePermissions lists the permissions testable on a resource. |
| // A permission is testable if it can be tested for an identity on a resource. |
| func (c *IamClient) QueryTestablePermissions(ctx context.Context, req *adminpb.QueryTestablePermissionsRequest, opts ...gax.CallOption) (*adminpb.QueryTestablePermissionsResponse, error) { |
| ctx = insertMetadata(ctx, c.xGoogMetadata) |
| opts = append(c.CallOptions.QueryTestablePermissions[0:len(c.CallOptions.QueryTestablePermissions):len(c.CallOptions.QueryTestablePermissions)], opts...) |
| var resp *adminpb.QueryTestablePermissionsResponse |
| err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { |
| var err error |
| resp, err = c.iamClient.QueryTestablePermissions(ctx, req, settings.GRPC...) |
| return err |
| }, opts...) |
| if err != nil { |
| return nil, err |
| } |
| return resp, nil |
| } |
| |
| // ServiceAccountIterator manages a stream of *adminpb.ServiceAccount. |
| type ServiceAccountIterator struct { |
| items []*adminpb.ServiceAccount |
| pageInfo *iterator.PageInfo |
| nextFunc func() error |
| |
| // InternalFetch is for use by the Google Cloud Libraries only. |
| // It is not part of the stable interface of this package. |
| // |
| // InternalFetch returns results from a single call to the underlying RPC. |
| // The number of results is no greater than pageSize. |
| // If there are no more results, nextPageToken is empty and err is nil. |
| InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error) |
| } |
| |
| // PageInfo supports pagination. See the google.golang.org/api/iterator package for details. |
| func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo { |
| return it.pageInfo |
| } |
| |
| // Next returns the next result. Its second return value is iterator.Done if there are no more |
| // results. Once Next returns Done, all subsequent calls will return Done. |
| func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error) { |
| var item *adminpb.ServiceAccount |
| if err := it.nextFunc(); err != nil { |
| return item, err |
| } |
| item = it.items[0] |
| it.items = it.items[1:] |
| return item, nil |
| } |
| |
| func (it *ServiceAccountIterator) bufLen() int { |
| return len(it.items) |
| } |
| |
| func (it *ServiceAccountIterator) takeBuf() interface{} { |
| b := it.items |
| it.items = nil |
| return b |
| } |