Identity and Access Management (IAM) API

Manages identity and access control for Trusted Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Trusted Cloud and make API calls.

Service: iam.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://iam.s3nsapis.fr

REST Resource: v2beta.policies

Methods
createPolicy POST /v2beta/{parent=policies/*/*}
Creates a policy.
delete DELETE /v2beta/{name=policies/*/*/*}
Deletes a policy.
get GET /v2beta/{name=policies/*/*/*}
Gets a policy.
listPolicies GET /v2beta/{parent=policies/*/*}
Retrieves the policies of the specified kind that are attached to a resource.
update PUT /v2beta/{policy.name=policies/*/*/*}
Updates the specified policy.

REST Resource: v2beta.policies.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v2.policies

Methods
createPolicy POST /v2/{parent=policies/*/*}
Creates a policy.
delete DELETE /v2/{name=policies/*/*/*}
Deletes a policy.
get GET /v2/{name=policies/*/*/*}
Gets a policy.
listPolicies GET /v2/{parent=policies/*/*}
Retrieves the policies of the specified kind that are attached to a resource.
update PUT /v2/{policy.name=policies/*/*/*}
Updates the specified policy.

REST Resource: v2.policies.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1beta.projects.locations.workloadIdentityPools

Methods
create The method google.iam.v1beta.WorkloadIdentityPools.CreateWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1beta.WorkloadIdentityPools.DeleteWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
get The method google.iam.v1beta.WorkloadIdentityPools.GetWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
list The method google.iam.v1beta.WorkloadIdentityPools.ListWorkloadIdentityPools is not available in Trusted Cloud by S3NS.
patch The method google.iam.v1beta.WorkloadIdentityPools.UpdateWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1beta.WorkloadIdentityPools.UndeleteWorkloadIdentityPool is not available in Trusted Cloud by S3NS.

REST Resource: v1beta.projects.locations.workloadIdentityPools.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1beta.projects.locations.workloadIdentityPools.providers

Methods
create The method google.iam.v1beta.WorkloadIdentityPools.CreateWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1beta.WorkloadIdentityPools.DeleteWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
get The method google.iam.v1beta.WorkloadIdentityPools.GetWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
list The method google.iam.v1beta.WorkloadIdentityPools.ListWorkloadIdentityPoolProviders is not available in Trusted Cloud by S3NS.
patch The method google.iam.v1beta.WorkloadIdentityPools.UpdateWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1beta.WorkloadIdentityPools.UndeleteWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.

REST Resource: v1beta.projects.locations.workloadIdentityPools.providers.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1.iamPolicies

Methods
lintPolicy POST /v1/iamPolicies:lintPolicy
Lints, or validates, an IAM policy.
queryAuditableServices POST /v1/iamPolicies:queryAuditableServices
Returns a list of services that allow you to opt into audit logs that are not generated by default.

REST Resource: v1.locations.workforcePools

Methods
create The method google.iam.admin.v1.WorkforcePools.CreateWorkforcePool is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePool is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.WorkforcePools.GetWorkforcePool is not available in Trusted Cloud by S3NS.
getIamPolicy The method google.iam.admin.v1.WorkforcePools.GetIamPolicy is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.WorkforcePools.ListWorkforcePools is not available in Trusted Cloud by S3NS.
patch The method google.iam.admin.v1.WorkforcePools.UpdateWorkforcePool is not available in Trusted Cloud by S3NS.
setIamPolicy The method google.iam.admin.v1.WorkforcePools.SetIamPolicy is not available in Trusted Cloud by S3NS.
testIamPermissions The method google.iam.admin.v1.WorkforcePools.TestIamPermissions is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.providers

Methods
create The method google.iam.admin.v1.WorkforcePools.CreateWorkforcePoolProvider is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePoolProvider is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.WorkforcePools.GetWorkforcePoolProvider is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.WorkforcePools.ListWorkforcePoolProviders is not available in Trusted Cloud by S3NS.
patch The method google.iam.admin.v1.WorkforcePools.UpdateWorkforcePoolProvider is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.providers.keys

Methods
create The method google.iam.admin.v1.WorkforcePools.CreateWorkforcePoolProviderKey is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePoolProviderKey is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.WorkforcePools.GetWorkforcePoolProviderKey is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.WorkforcePools.ListWorkforcePoolProviderKeys is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProviderKey is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.providers.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.providers.scimTenants

Methods
create The method google.iam.admin.v1.WorkforcePools.CreateWorkforcePoolProviderScimTenant is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePoolProviderScimTenant is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.WorkforcePools.GetWorkforcePoolProviderScimTenant is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.WorkforcePools.ListWorkforcePoolProviderScimTenants is not available in Trusted Cloud by S3NS.
patch The method google.iam.admin.v1.WorkforcePools.UpdateWorkforcePoolProviderScimTenant is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProviderScimTenant is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.providers.scimTenants.tokens

Methods
create The method google.iam.admin.v1.WorkforcePools.CreateWorkforcePoolProviderScimToken is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePoolProviderScimToken is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.WorkforcePools.GetWorkforcePoolProviderScimToken is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.WorkforcePools.ListWorkforcePoolProviderScimTokens is not available in Trusted Cloud by S3NS.
patch The method google.iam.admin.v1.WorkforcePools.UpdateWorkforcePoolProviderScimToken is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProviderScimToken is not available in Trusted Cloud by S3NS.

REST Resource: v1.locations.workforcePools.subjects

Methods
delete The method google.iam.admin.v1.WorkforcePools.DeleteWorkforcePoolSubject is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolSubject is not available in Trusted Cloud by S3NS.

REST Resource: v1.organizations.roles

Methods
create POST /v1/{parent=organizations/*}/roles
Creates a new custom Role.
delete DELETE /v1/{name=organizations/*/roles/*}
Deletes a custom Role.
get GET /v1/{name=organizations/*/roles/*}
Gets the definition of a Role.
list GET /v1/{parent=organizations/*}/roles
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
patch PATCH /v1/{name=organizations/*/roles/*}
Updates the definition of a custom Role.
undelete POST /v1/{name=organizations/*/roles/*}:undelete
Undeletes a custom Role.

REST Resource: v1.permissions

Methods
queryTestablePermissions POST /v1/permissions:queryTestablePermissions
Lists every permission that you can test on a resource.

REST Resource: v1.projects.locations.oauthClients

Methods
create The method google.iam.admin.v1.OauthClients.CreateOauthClient is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.OauthClients.DeleteOauthClient is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.OauthClients.GetOauthClient is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.OauthClients.ListOauthClients is not available in Trusted Cloud by S3NS.
patch The method google.iam.admin.v1.OauthClients.UpdateOauthClient is not available in Trusted Cloud by S3NS.
undelete The method google.iam.admin.v1.OauthClients.UndeleteOauthClient is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.oauthClients.credentials

Methods
create The method google.iam.admin.v1.OauthClients.CreateOauthClientCredential is not available in Trusted Cloud by S3NS.
delete The method google.iam.admin.v1.OauthClients.DeleteOauthClientCredential is not available in Trusted Cloud by S3NS.
get The method google.iam.admin.v1.OauthClients.GetOauthClientCredential is not available in Trusted Cloud by S3NS.
list The method google.iam.admin.v1.OauthClients.ListOauthClientCredentials is not available in Trusted Cloud by S3NS.
patch The method google.iam.admin.v1.OauthClients.UpdateOauthClientCredential is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools

Methods
create The method google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1.WorkloadIdentityPools.DeleteWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
get The method google.iam.v1.WorkloadIdentityPools.GetWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
getIamPolicy The method google.iam.v1.WorkloadIdentityPools.GetIamPolicy is not available in Trusted Cloud by S3NS.
list The method google.iam.v1.WorkloadIdentityPools.ListWorkloadIdentityPools is not available in Trusted Cloud by S3NS.
patch The method google.iam.v1.WorkloadIdentityPools.UpdateWorkloadIdentityPool is not available in Trusted Cloud by S3NS.
setIamPolicy The method google.iam.v1.WorkloadIdentityPools.SetIamPolicy is not available in Trusted Cloud by S3NS.
testIamPermissions The method google.iam.v1.WorkloadIdentityPools.TestIamPermissions is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1.WorkloadIdentityPools.UndeleteWorkloadIdentityPool is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools.namespaces

Methods
create The method google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPoolNamespace is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1.WorkloadIdentityPools.DeleteWorkloadIdentityPoolNamespace is not available in Trusted Cloud by S3NS.
get The method google.iam.v1.WorkloadIdentityPools.GetWorkloadIdentityPoolNamespace is not available in Trusted Cloud by S3NS.
list The method google.iam.v1.WorkloadIdentityPools.ListWorkloadIdentityPoolNamespaces is not available in Trusted Cloud by S3NS.
patch The method google.iam.v1.WorkloadIdentityPools.UpdateWorkloadIdentityPoolNamespace is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1.WorkloadIdentityPools.UndeleteWorkloadIdentityPoolNamespace is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools.namespaces.managedIdentities

Methods
addAttestationRule The method google.iam.v1.WorkloadIdentityPools.AddAttestationRule is not available in Trusted Cloud by S3NS.
create The method google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPoolManagedIdentity is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1.WorkloadIdentityPools.DeleteWorkloadIdentityPoolManagedIdentity is not available in Trusted Cloud by S3NS.
get The method google.iam.v1.WorkloadIdentityPools.GetWorkloadIdentityPoolManagedIdentity is not available in Trusted Cloud by S3NS.
list The method google.iam.v1.WorkloadIdentityPools.ListWorkloadIdentityPoolManagedIdentities is not available in Trusted Cloud by S3NS.
listAttestationRules The method google.iam.v1.WorkloadIdentityPools.ListAttestationRules is not available in Trusted Cloud by S3NS.
patch The method google.iam.v1.WorkloadIdentityPools.UpdateWorkloadIdentityPoolManagedIdentity is not available in Trusted Cloud by S3NS.
removeAttestationRule The method google.iam.v1.WorkloadIdentityPools.RemoveAttestationRule is not available in Trusted Cloud by S3NS.
setAttestationRules The method google.iam.v1.WorkloadIdentityPools.SetAttestationRules is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1.WorkloadIdentityPools.UndeleteWorkloadIdentityPoolManagedIdentity is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools.providers

Methods
create The method google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1.WorkloadIdentityPools.DeleteWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
get The method google.iam.v1.WorkloadIdentityPools.GetWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
list The method google.iam.v1.WorkloadIdentityPools.ListWorkloadIdentityPoolProviders is not available in Trusted Cloud by S3NS.
patch The method google.iam.v1.WorkloadIdentityPools.UpdateWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1.WorkloadIdentityPools.UndeleteWorkloadIdentityPoolProvider is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools.providers.keys

Methods
create The method google.iam.v1.WorkloadIdentityPools.CreateWorkloadIdentityPoolProviderKey is not available in Trusted Cloud by S3NS.
delete The method google.iam.v1.WorkloadIdentityPools.DeleteWorkloadIdentityPoolProviderKey is not available in Trusted Cloud by S3NS.
get The method google.iam.v1.WorkloadIdentityPools.GetWorkloadIdentityPoolProviderKey is not available in Trusted Cloud by S3NS.
list The method google.iam.v1.WorkloadIdentityPools.ListWorkloadIdentityPoolProviderKeys is not available in Trusted Cloud by S3NS.
undelete The method google.iam.v1.WorkloadIdentityPools.UndeleteWorkloadIdentityPoolProviderKey is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.locations.workloadIdentityPools.providers.operations

Methods
get The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS.

REST Resource: v1.projects.roles

Methods
create POST /v1/{parent=projects/*}/roles
Creates a new custom Role.
delete DELETE /v1/{name=projects/*/roles/*}
Deletes a custom Role.
get GET /v1/{name=projects/*/roles/*}
Gets the definition of a Role.
list GET /v1/{parent=projects/*}/roles
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
patch PATCH /v1/{name=projects/*/roles/*}
Updates the definition of a custom Role.
undelete POST /v1/{name=projects/*/roles/*}:undelete
Undeletes a custom Role.

REST Resource: v1.projects.serviceAccounts

Methods
create POST /v1/{name=projects/*}/serviceAccounts
Creates a ServiceAccount.
delete DELETE /v1/{name=projects/*/serviceAccounts/*}
Deletes a ServiceAccount.
disable POST /v1/{name=projects/*/serviceAccounts/*}:disable
Disables a ServiceAccount immediately.
enable POST /v1/{name=projects/*/serviceAccounts/*}:enable
Enables a ServiceAccount that was disabled by DisableServiceAccount.
get GET /v1/{name=projects/*/serviceAccounts/*}
Gets a ServiceAccount.
getIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy
Gets the IAM policy that is attached to a ServiceAccount.
list GET /v1/{name=projects/*}/serviceAccounts
Lists every ServiceAccount that belongs to a specific project.
patch PATCH /v1/{serviceAccount.name=projects/*/serviceAccounts/*}
Patches a ServiceAccount.
setIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy
Sets the IAM policy that is attached to a ServiceAccount.
signBlob
(deprecated)		 POST /v1/{name=projects/*/serviceAccounts/*}:signBlob
Signs a blob using the system-managed private key for a ServiceAccount.
signJwt
(deprecated)		 POST /v1/{name=projects/*/serviceAccounts/*}:signJwt
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.
testIamPermissions POST /v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions
Tests whether the caller has the specified permissions on a ServiceAccount.
undelete POST /v1/{name=projects/*/serviceAccounts/*}:undelete
Restores a deleted ServiceAccount.
update PUT /v1/{name=projects/*/serviceAccounts/*}
Note: We are in the process of deprecating this method.

REST Resource: v1.projects.serviceAccounts.keys

Methods
create POST /v1/{name=projects/*/serviceAccounts/*}/keys
Creates a ServiceAccountKey.
delete DELETE /v1/{name=projects/*/serviceAccounts/*/keys/*}
Deletes a ServiceAccountKey.
disable POST /v1/{name=projects/*/serviceAccounts/*/keys/*}:disable
Disable a ServiceAccountKey.
enable POST /v1/{name=projects/*/serviceAccounts/*/keys/*}:enable
Enable a ServiceAccountKey.
get GET /v1/{name=projects/*/serviceAccounts/*/keys/*}
Gets a ServiceAccountKey.
list GET /v1/{name=projects/*/serviceAccounts/*}/keys
Lists every ServiceAccountKey for a service account.
upload POST /v1/{name=projects/*/serviceAccounts/*}/keys:upload
Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount.

REST Resource: v1.roles

Methods
get GET /v1/{name=roles/*}
Gets the definition of a Role.
list GET /v1/roles
Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
queryGrantableRoles POST /v1/roles:queryGrantableRoles
Lists roles that can be granted on a Trusted Cloud resource.