[−][src]Crate google_iam1
This documentation was generated from iam crate version 1.0.14+20200617, where 20200617 is the exact revision of the iam:v1 schema built by the mako code generator v1.0.14.
Everything else about the iam v1 API can be found at the official documentation site. The original source code is on github.
Features
Handle the following Resources with ease from the central hub ...
- iam policies
- lint policy and query auditable services
- organizations
- roles create, roles delete, roles get, roles list, roles patch and roles undelete
- permissions
- query testable permissions
- projects
- roles create, roles delete, roles get, roles list, roles patch, roles undelete, service accounts create, service accounts delete, service accounts disable, service accounts enable, service accounts get, service accounts get iam policy, service accounts keys create, service accounts keys delete, service accounts keys get, service accounts keys list, service accounts keys upload, service accounts list, service accounts patch, service accounts set iam policy, service accounts sign blob, service accounts sign jwt, service accounts test iam permissions, service accounts undelete and service accounts update
- roles
- get, list and query grantable roles
Not what you are looking for ? Find all other Google APIs in their Rust documentation index.
Structure of this Library
The API is structured into the following primary items:
- Hub
- a central object to maintain state and allow accessing all Activities
- creates Method Builders which in turn allow access to individual Call Builders
- Resources
- primary types that you can apply Activities to
- a collection of properties and Parts
- Parts
- a collection of properties
- never directly used in Activities
- Activities
- operations to apply to Resources
All structures are marked with applicable traits to further categorize them and ease browsing.
Generally speaking, you can invoke Activities like this:
let r = hub.resource().activity(...).doit()
Or specifically ...
let r = hub.organizations().roles_get(...).doit() let r = hub.projects().roles_patch(...).doit() let r = hub.roles().list(...).doit() let r = hub.organizations().roles_delete(...).doit() let r = hub.projects().roles_get(...).doit() let r = hub.roles().get(...).doit() let r = hub.projects().roles_delete(...).doit() let r = hub.projects().roles_create(...).doit() let r = hub.organizations().roles_undelete(...).doit() let r = hub.organizations().roles_patch(...).doit() let r = hub.roles().query_grantable_roles(...).doit() let r = hub.organizations().roles_create(...).doit() let r = hub.projects().roles_undelete(...).doit()
The resource()
and activity(...)
calls create builders. The second one dealing with Activities
supports various methods to configure the impending operation (not shown here). It is made such that all required arguments have to be
specified right away (i.e. (...)
), whereas all optional ones can be build up as desired.
The doit()
method performs the actual communication with the server and returns the respective result.
Usage
Setting up your Project
To use this library, you would put the following lines into your Cargo.toml
file:
[dependencies]
google-iam1 = "*"
# This project intentionally uses an old version of Hyper. See
# https://github.com/Byron/google-apis-rs/issues/173 for more
# information.
hyper = "^0.10"
hyper-rustls = "^0.6"
serde = "^1.0"
serde_json = "^1.0"
yup-oauth2 = "^1.0"
A complete example
extern crate hyper; extern crate hyper_rustls; extern crate yup_oauth2 as oauth2; extern crate google_iam1 as iam1; use iam1::{Result, Error}; use std::default::Default; use oauth2::{Authenticator, DefaultAuthenticatorDelegate, ApplicationSecret, MemoryStorage}; use iam1::Iam; // Get an ApplicationSecret instance by some means. It contains the `client_id` and // `client_secret`, among other things. let secret: ApplicationSecret = Default::default(); // Instantiate the authenticator. It will choose a suitable authentication flow for you, // unless you replace `None` with the desired Flow. // Provide your own `AuthenticatorDelegate` to adjust the way it operates and get feedback about // what's going on. You probably want to bring in your own `TokenStorage` to persist tokens and // retrieve them from storage. let auth = Authenticator::new(&secret, DefaultAuthenticatorDelegate, hyper::Client::with_connector(hyper::net::HttpsConnector::new(hyper_rustls::TlsClient::new())), <MemoryStorage as Default>::default(), None); let mut hub = Iam::new(hyper::Client::with_connector(hyper::net::HttpsConnector::new(hyper_rustls::TlsClient::new())), auth); // You can configure optional parameters by calling the respective setters at will, and // execute the final call using `doit()`. // Values shown here are possibly random and not representative ! let result = hub.roles().list() .view("dolores") .show_deleted(false) .parent("accusam") .page_token("takimata") .page_size(-70) .doit(); match result { Err(e) => match e { // The Error enum provides details about what exactly happened. // You can also just use its `Debug`, `Display` or `Error` traits Error::HttpError(_) |Error::MissingAPIKey |Error::MissingToken(_) |Error::Cancelled |Error::UploadSizeLimitExceeded(_, _) |Error::Failure(_) |Error::BadRequest(_) |Error::FieldClash(_) |Error::JsonDecodeError(_, _) => println!("{}", e), }, Ok(res) => println!("Success: {:?}", res), }
Handling Errors
All errors produced by the system are provided either as Result enumeration as return value of the doit() methods, or handed as possibly intermediate results to either the Hub Delegate, or the Authenticator Delegate.
When delegates handle errors or intermediate values, they may have a chance to instruct the system to retry. This makes the system potentially resilient to all kinds of errors.
Uploads and Downloads
If a method supports downloads, the response body, which is part of the Result, should be
read by you to obtain the media.
If such a method also supports a Response Result, it will return that by default.
You can see it as meta-data for the actual media. To trigger a media download, you will have to set up the builder by making
this call: .param("alt", "media")
.
Methods supporting uploads can do so using up to 2 different protocols:
simple and resumable. The distinctiveness of each is represented by customized
doit(...)
methods, which are then named upload(...)
and upload_resumable(...)
respectively.
Customization and Callbacks
You may alter the way an doit()
method is called by providing a delegate to the
Method Builder before making the final doit()
call.
Respective methods will be called to provide progress information, as well as determine whether the system should
retry on failure.
The delegate trait is default-implemented, allowing you to customize it with minimal effort.
Optional Parts in Server-Requests
All structures provided by this library are made to be encodable and decodable via json. Optionals are used to indicate that partial requests are responses are valid. Most optionals are are considered Parts which are identifiable by name, which will be sent to the server to indicate either the set parts of the request or the desired parts in the response.
Builder Arguments
Using method builders, you are able to prepare an action call by repeatedly calling it's methods. These will always take a single argument, for which the following statements are true.
- PODs are handed by copy
- strings are passed as
&str
- request values are moved
Arguments will always be copied or cloned into the builder, to make them independent of their original life times.
Structs
AuditConfig | Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. |
AuditLogConfig | Provides the configuration for logging a type of permissions. Example: |
AuditableService | Contains information about an auditable service. |
Binding | Associates |
Chunk | |
ContentRange | Implements the Content-Range header, for serialization only |
CreateRoleRequest | The request to create a new role. |
CreateServiceAccountKeyRequest | The service account key create request. |
CreateServiceAccountRequest | The service account create request. |
DefaultDelegate | A delegate with a conservative default implementation, which is used if no other delegate is set. |
DisableServiceAccountRequest | The service account disable request. |
DummyNetworkStream | |
Empty | A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: |
EnableServiceAccountRequest | The service account enable request. |
ErrorResponse | A utility to represent detailed errors we might see in case there are BadRequests. The latter happen if the sent parameters or request structures are unsound |
Expr | Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. |
Iam | Central instance to access all Iam related resource activities |
IamPolicyLintPolicyCall | Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. |
IamPolicyMethods | A builder providing access to all methods supported on iamPolicy resources.
It is not used directly, but through the |
IamPolicyQueryAuditableServiceCall | Returns a list of services that allow you to opt into audit logs that are not generated by default. |
JsonServerError | A utility type which can decode a server response that indicates error |
LintPolicyRequest | The request to lint a Cloud IAM policy object. |
LintPolicyResponse | The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found. |
LintResult | Structured response of a single validation unit. |
ListRolesResponse | The response containing the roles defined under a resource. |
ListServiceAccountKeysResponse | The service account keys list response. |
ListServiceAccountsResponse | The service account list response. |
MethodInfo | Contains information about an API request. |
MultiPartReader | Provides a |
OrganizationMethods | A builder providing access to all methods supported on organization resources.
It is not used directly, but through the |
OrganizationRoleCreateCall | Creates a new custom Role. |
OrganizationRoleDeleteCall | Deletes a custom Role. |
OrganizationRoleGetCall | Gets the definition of a Role. |
OrganizationRoleListCall | Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
OrganizationRolePatchCall | Updates the definition of a custom Role. |
OrganizationRoleUndeleteCall | Undeletes a custom Role. |
PatchServiceAccountRequest | The request for PatchServiceAccount. |
Permission | A permission which can be included by a role. |
PermissionMethods | A builder providing access to all methods supported on permission resources.
It is not used directly, but through the |
PermissionQueryTestablePermissionCall | Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource. |
Policy | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. |
ProjectMethods | A builder providing access to all methods supported on project resources.
It is not used directly, but through the |
ProjectRoleCreateCall | Creates a new custom Role. |
ProjectRoleDeleteCall | Deletes a custom Role. |
ProjectRoleGetCall | Gets the definition of a Role. |
ProjectRoleListCall | Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
ProjectRolePatchCall | Updates the definition of a custom Role. |
ProjectRoleUndeleteCall | Undeletes a custom Role. |
ProjectServiceAccountCreateCall | Creates a ServiceAccount. |
ProjectServiceAccountDeleteCall | Deletes a ServiceAccount. |
ProjectServiceAccountDisableCall | Disables a ServiceAccount immediately. |
ProjectServiceAccountEnableCall | Enables a ServiceAccount that was disabled by DisableServiceAccount. |
ProjectServiceAccountGetCall | Gets a ServiceAccount. |
ProjectServiceAccountGetIamPolicyCall | Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which members have access to the service account. |
ProjectServiceAccountKeyCreateCall | Creates a ServiceAccountKey. |
ProjectServiceAccountKeyDeleteCall | Deletes a ServiceAccountKey. |
ProjectServiceAccountKeyGetCall | Gets a ServiceAccountKey. |
ProjectServiceAccountKeyListCall | Lists every ServiceAccountKey for a service account. |
ProjectServiceAccountKeyUploadCall | Creates a ServiceAccountKey, using a public key that you provide. |
ProjectServiceAccountListCall | Lists every ServiceAccount that belongs to a specific project. |
ProjectServiceAccountPatchCall | Patches a ServiceAccount. |
ProjectServiceAccountSetIamPolicyCall | Sets the IAM policy that is attached to a ServiceAccount. |
ProjectServiceAccountSignBlobCall | Note: We are in the process of deprecating this method. Use the
|
ProjectServiceAccountSignJwtCall | Note: We are in the process of deprecating this method. Use the
|
ProjectServiceAccountTestIamPermissionCall | Tests whether the caller has the specified permissions on a ServiceAccount. |
ProjectServiceAccountUndeleteCall | Restores a deleted ServiceAccount. |
ProjectServiceAccountUpdateCall | Note: We are in the process of deprecating this method. Use PatchServiceAccount instead. |
QueryAuditableServicesRequest | A request to get the list of auditable services for a resource. |
QueryAuditableServicesResponse | A response containing a list of auditable services for a resource. |
QueryGrantableRolesRequest | The grantable role query request. |
QueryGrantableRolesResponse | The grantable role query response. |
QueryTestablePermissionsRequest | A request to get permissions which can be tested on a resource. |
QueryTestablePermissionsResponse | The response containing permissions which can be tested on a resource. |
RangeResponseHeader | |
ResumableUploadHelper | A utility type to perform a resumable upload from start to end. |
Role | A role in the Identity and Access Management API. |
RoleGetCall | Gets the definition of a Role. |
RoleListCall | Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
RoleMethods | A builder providing access to all methods supported on role resources.
It is not used directly, but through the |
RoleQueryGrantableRoleCall | Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role. |
ServerError | |
ServerMessage | |
ServiceAccount | An IAM service account. |
ServiceAccountKey | Represents a service account key. |
SetIamPolicyRequest | Request message for |
SignBlobRequest | The service account sign blob request. |
SignBlobResponse | The service account sign blob response. |
SignJwtRequest | The service account sign JWT request. |
SignJwtResponse | The service account sign JWT response. |
TestIamPermissionsRequest | Request message for |
TestIamPermissionsResponse | Response message for |
UndeleteRoleRequest | The request to undelete an existing role. |
UndeleteServiceAccountRequest | The service account undelete request. |
UndeleteServiceAccountResponse | There is no detailed description. |
UploadServiceAccountKeyRequest | The service account key upload request. |
XUploadContentType | The |
Enums
Error | |
Scope | Identifies the an OAuth2 authorization scope. A scope is needed when requesting an authorization token. |
Traits
CallBuilder | Identifies types which represent builders for a particular resource method |
Delegate | A trait specifying functionality to help controlling any request performed by the API. The trait has a conservative default implementation. |
Hub | Identifies the Hub. There is only one per library, this trait is supposed to make intended use more explicit. The hub allows to access all resource methods more easily. |
MethodsBuilder | Identifies types for building methods of a particular resource type |
NestedType | Identifies types which are only used by other types internally. They have no special meaning, this trait just marks them for completeness. |
Part | Identifies types which are only used as part of other types, which
usually are carrying the |
ReadSeek | A utility to specify reader types which provide seeking capabilities too |
RequestValue | Identifies types which are used in API requests. |
Resource | Identifies types which can be inserted and deleted. Types with this trait are most commonly used by clients of this API. |
ResponseResult | Identifies types which are used in API responses. |
ToParts | A trait for all types that can convert themselves into a parts string |
UnusedType | Identifies types which are not actually used by the API This might be a bug within the google API schema. |
Functions
remove_json_null_values |
Type Definitions
Result | A universal result type used as return for all calls. |