Crate google_iam1[][src]

This documentation was generated from iam crate version 1.0.8+20181005, where 20181005 is the exact revision of the iam:v1 schema built by the mako code generator v1.0.8.

Everything else about the iam v1 API can be found at the official documentation site. The original source code is on github.

Features

Handle the following Resources with ease from the central hub ...

Not what you are looking for ? Find all other Google APIs in their Rust documentation index.

Structure of this Library

The API is structured into the following primary items:

  • Hub
    • a central object to maintain state and allow accessing all Activities
    • creates Method Builders which in turn allow access to individual Call Builders
  • Resources
    • primary types that you can apply Activities to
    • a collection of properties and Parts
    • Parts
      • a collection of properties
      • never directly used in Activities
  • Activities
    • operations to apply to Resources

All structures are marked with applicable traits to further categorize them and ease browsing.

Generally speaking, you can invoke Activities like this:

let r = hub.resource().activity(...).doit()

Or specifically ...

This example is not tested
let r = hub.organizations().roles_get(...).doit()
let r = hub.projects().roles_patch(...).doit()
let r = hub.roles().list(...).doit()
let r = hub.organizations().roles_delete(...).doit()
let r = hub.projects().roles_get(...).doit()
let r = hub.roles().get(...).doit()
let r = hub.projects().roles_delete(...).doit()
let r = hub.projects().roles_create(...).doit()
let r = hub.organizations().roles_undelete(...).doit()
let r = hub.organizations().roles_patch(...).doit()
let r = hub.roles().query_grantable_roles(...).doit()
let r = hub.organizations().roles_create(...).doit()
let r = hub.projects().roles_undelete(...).doit()

The resource() and activity(...) calls create builders. The second one dealing with Activities supports various methods to configure the impending operation (not shown here). It is made such that all required arguments have to be specified right away (i.e. (...)), whereas all optional ones can be build up as desired. The doit() method performs the actual communication with the server and returns the respective result.

Usage

Setting up your Project

To use this library, you would put the following lines into your Cargo.toml file:

[dependencies]
google-iam1 = "*"
# This project intentionally uses an old version of Hyper. See
# https://github.com/Byron/google-apis-rs/issues/173 for more
# information.
hyper = "^0.10"
hyper-rustls = "^0.6"
serde = "^1.0"
serde_json = "^1.0"
yup-oauth2 = "^1.0"

A complete example

extern crate hyper;
extern crate hyper_rustls;
extern crate yup_oauth2 as oauth2;
extern crate google_iam1 as iam1;
use iam1::{Result, Error};
use std::default::Default;
use oauth2::{Authenticator, DefaultAuthenticatorDelegate, ApplicationSecret, MemoryStorage};
use iam1::Iam;
 
// Get an ApplicationSecret instance by some means. It contains the `client_id` and 
// `client_secret`, among other things.
let secret: ApplicationSecret = Default::default();
// Instantiate the authenticator. It will choose a suitable authentication flow for you, 
// unless you replace  `None` with the desired Flow.
// Provide your own `AuthenticatorDelegate` to adjust the way it operates and get feedback about 
// what's going on. You probably want to bring in your own `TokenStorage` to persist tokens and
// retrieve them from storage.
let auth = Authenticator::new(&secret, DefaultAuthenticatorDelegate,
                              hyper::Client::with_connector(hyper::net::HttpsConnector::new(hyper_rustls::TlsClient::new())),
                              <MemoryStorage as Default>::default(), None);
let mut hub = Iam::new(hyper::Client::with_connector(hyper::net::HttpsConnector::new(hyper_rustls::TlsClient::new())), auth);
// You can configure optional parameters by calling the respective setters at will, and
// execute the final call using `doit()`.
// Values shown here are possibly random and not representative !
let result = hub.roles().list()
             .view("dolores")
             .show_deleted(false)
             .parent("accusam")
             .page_token("takimata")
             .page_size(-70)
             .doit();
 
match result {
    Err(e) => match e {
        // The Error enum provides details about what exactly happened.
        // You can also just use its `Debug`, `Display` or `Error` traits
         Error::HttpError(_)
        |Error::MissingAPIKey
        |Error::MissingToken(_)
        |Error::Cancelled
        |Error::UploadSizeLimitExceeded(_, _)
        |Error::Failure(_)
        |Error::BadRequest(_)
        |Error::FieldClash(_)
        |Error::JsonDecodeError(_, _) => println!("{}", e),
    },
    Ok(res) => println!("Success: {:?}", res),
}

Handling Errors

All errors produced by the system are provided either as Result enumeration as return value of the doit() methods, or handed as possibly intermediate results to either the Hub Delegate, or the Authenticator Delegate.

When delegates handle errors or intermediate values, they may have a chance to instruct the system to retry. This makes the system potentially resilient to all kinds of errors.

Uploads and Downloads

If a method supports downloads, the response body, which is part of the Result, should be read by you to obtain the media. If such a method also supports a Response Result, it will return that by default. You can see it as meta-data for the actual media. To trigger a media download, you will have to set up the builder by making this call: .param("alt", "media").

Methods supporting uploads can do so using up to 2 different protocols: simple and resumable. The distinctiveness of each is represented by customized doit(...) methods, which are then named upload(...) and upload_resumable(...) respectively.

Customization and Callbacks

You may alter the way an doit() method is called by providing a delegate to the Method Builder before making the final doit() call. Respective methods will be called to provide progress information, as well as determine whether the system should retry on failure.

The delegate trait is default-implemented, allowing you to customize it with minimal effort.

Optional Parts in Server-Requests

All structures provided by this library are made to be enocodable and decodable via json. Optionals are used to indicate that partial requests are responses are valid. Most optionals are are considered Parts which are identifiable by name, which will be sent to the server to indicate either the set parts of the request or the desired parts in the response.

Builder Arguments

Using method builders, you are able to prepare an action call by repeatedly calling it's methods. These will always take a single argument, for which the following statements are true.

Arguments will always be copied or cloned into the builder, to make them independent of their original life times.

Structs

AuditConfig

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs.

AuditLogConfig

Provides the configuration for logging a type of permissions. Example:

AuditableService

Contains information about an auditable service.

Binding

Associates members with a role.

CreateRoleRequest

The request to create a new role.

CreateServiceAccountKeyRequest

The service account key create request.

CreateServiceAccountRequest

The service account create request.

DefaultDelegate

A delegate with a conservative default implementation, which is used if no other delegate is set.

Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance:

ErrorResponse

A utility to represent detailed errors we might see in case there are BadRequests. The latter happen if the sent parameters or request structures are unsound

Expr

Represents an expression text. Example:

Iam

Central instance to access all Iam related resource activities

IamPolicyLintPolicyCall

Lints a Cloud IAM policy object or its sub fields. Currently supports google.iam.v1.Policy, google.iam.v1.Binding and google.iam.v1.Binding.condition.

IamPolicyMethods

A builder providing access to all methods supported on iamPolicy resources. It is not used directly, but through the Iam hub.

IamPolicyQueryAuditableServiceCall

Returns a list of services that support service level audit logging configuration for the given resource.

LintPolicyRequest

The request to lint a Cloud IAM policy object. LintPolicy is currently functional only for lint_object of type condition.

LintPolicyResponse

The response of a lint operation. An empty response indicates the operation was able to fully execute and no lint issue was found.

LintResult

Structured response of a single validation unit.

ListRolesResponse

The response containing the roles defined under a resource.

ListServiceAccountKeysResponse

The service account keys list response.

ListServiceAccountsResponse

The service account list response.

MethodInfo

Contains information about an API request.

MultiPartReader

Provides a Read interface that converts multiple parts into the protocol identified by RFC2387. Note: This implementation is just as rich as it needs to be to perform uploads to google APIs, and might not be a fully-featured implementation.

OrganizationMethods

A builder providing access to all methods supported on organization resources. It is not used directly, but through the Iam hub.

OrganizationRoleCreateCall

Creates a new Role.

OrganizationRoleDeleteCall

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

OrganizationRoleGetCall

Gets a Role definition.

OrganizationRoleListCall

Lists the Roles defined on a resource.

OrganizationRolePatchCall

Updates a Role definition.

OrganizationRoleUndeleteCall

Undelete a Role, bringing it back in its previous state.

Permission

A permission which can be included by a role.

PermissionMethods

A builder providing access to all methods supported on permission resources. It is not used directly, but through the Iam hub.

PermissionQueryTestablePermissionCall

Lists the permissions testable on a resource. A permission is testable if it can be tested for an identity on a resource.

Policy

Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

ProjectMethods

A builder providing access to all methods supported on project resources. It is not used directly, but through the Iam hub.

ProjectRoleCreateCall

Creates a new Role.

ProjectRoleDeleteCall

Soft deletes a role. The role is suspended and cannot be used to create new IAM Policy Bindings. The Role will not be included in ListRoles() unless show_deleted is set in the ListRolesRequest. The Role contains the deleted boolean set. Existing Bindings remains, but are inactive. The Role can be undeleted within 7 days. After 7 days the Role is deleted and all Bindings associated with the role are removed.

ProjectRoleGetCall

Gets a Role definition.

ProjectRoleListCall

Lists the Roles defined on a resource.

ProjectRolePatchCall

Updates a Role definition.

ProjectRoleUndeleteCall

Undelete a Role, bringing it back in its previous state.

ProjectServiceAccountCreateCall

Creates a ServiceAccount and returns it.

ProjectServiceAccountDeleteCall

Deletes a ServiceAccount.

ProjectServiceAccountGetCall

Gets a ServiceAccount.

ProjectServiceAccountGetIamPolicyCall

Returns the IAM access control policy for a ServiceAccount.

ProjectServiceAccountKeyCreateCall

Creates a ServiceAccountKey and returns it.

ProjectServiceAccountKeyDeleteCall

Deletes a ServiceAccountKey.

ProjectServiceAccountKeyGetCall

Gets the ServiceAccountKey by key id.

ProjectServiceAccountKeyListCall

Lists ServiceAccountKeys.

ProjectServiceAccountListCall

Lists ServiceAccounts for a project.

ProjectServiceAccountSetIamPolicyCall

Sets the IAM access control policy for a ServiceAccount.

ProjectServiceAccountSignBlobCall

Signs a blob using a service account's system-managed private key.

ProjectServiceAccountSignJwtCall

Signs a JWT using a service account's system-managed private key.

ProjectServiceAccountTestIamPermissionCall

Tests the specified permissions against the IAM access control policy for a ServiceAccount.

ProjectServiceAccountUpdateCall

Updates a ServiceAccount.

QueryAuditableServicesRequest

A request to get the list of auditable services for a resource.

QueryAuditableServicesResponse

A response containing a list of auditable services for a resource.

QueryGrantableRolesRequest

The grantable role query request.

QueryGrantableRolesResponse

The grantable role query response.

QueryTestablePermissionsRequest

A request to get permissions which can be tested on a resource.

QueryTestablePermissionsResponse

The response containing permissions which can be tested on a resource.

Role

A role in the Identity and Access Management API.

RoleGetCall

Gets a Role definition.

RoleListCall

Lists the Roles defined on a resource.

RoleMethods

A builder providing access to all methods supported on role resources. It is not used directly, but through the Iam hub.

RoleQueryGrantableRoleCall

Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.

ServiceAccount

A service account in the Identity and Access Management API.

ServiceAccountKey

Represents a service account key.

SetIamPolicyRequest

Request message for SetIamPolicy method.

SignBlobRequest

The service account sign blob request.

SignBlobResponse

The service account sign blob response.

SignJwtRequest

The service account sign JWT request.

SignJwtResponse

The service account sign JWT response.

TestIamPermissionsRequest

Request message for TestIamPermissions method.

TestIamPermissionsResponse

Response message for TestIamPermissions method.

UndeleteRoleRequest

The request to undelete an existing role.

Enums

Error
Scope

Identifies the an OAuth2 authorization scope. A scope is needed when requesting an authorization token.

Traits

CallBuilder

Identifies types which represent builders for a particular resource method

Delegate

A trait specifying functionality to help controlling any request performed by the API. The trait has a conservative default implementation.

Hub

Identifies the Hub. There is only one per library, this trait is supposed to make intended use more explicit. The hub allows to access all resource methods more easily.

MethodsBuilder

Identifies types for building methods of a particular resource type

NestedType

Identifies types which are only used by other types internally. They have no special meaning, this trait just marks them for completeness.

Part

Identifies types which are only used as part of other types, which usually are carrying the Resource trait.

ReadSeek

A utility to specify reader types which provide seeking capabilities too

RequestValue

Identifies types which are used in API requests.

Resource

Identifies types which can be inserted and deleted. Types with this trait are most commonly used by clients of this API.

ResponseResult

Identifies types which are used in API responses.

ToParts

A trait for all types that can convert themselves into a parts string

Functions

remove_json_null_values

Type Definitions

Result

A universal result type used as return for all calls.