IAMClient (Google IAM Admin API 3.62.0 API)

java.lang.Object
- com.google.cloud.iam.admin.v1.IAMClient

All Implemented Interfaces:: com.google.api.gax.core.BackgroundResource, AutoCloseable

@Generated(value="by gapic-generator-java")
public class IAMClient
extends Object
implements com.google.api.gax.core.BackgroundResource

Service Description: Creates and manages Identity and Access Management (IAM) resources.

You can use this service to work with all of the following resources:

**Service accounts**, which identify an application or a virtual machine (VM) instance rather than a person
**Service account keys**, which service accounts use to authenticate with Google APIs
**IAM policies for service accounts**, which specify the roles that a principal has for the service account
**IAM custom roles**, which help you limit the number of permissions that you grant to principals

In addition, you can use this service to complete the following tasks, among others:

Test whether a service account can use specific permissions
Check which roles you can grant for a specific resource
Lint, or validate, condition expressions in an IAM policy

When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.

In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (IAMClient iAMClient = IAMClient.create()) {
   ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
   ServiceAccount response = iAMClient.getServiceAccount(name);
 }

Note: close() needs to be called on the IAMClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

Methods
Method	Description	Method Variants
ListServiceAccounts	Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.	Request object method variants only take one parameter, a request object, which must be constructed before the call. listServiceAccounts(ListServiceAccountsRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. listServiceAccounts(ProjectName name) listServiceAccounts(String name) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. listServiceAccountsPagedCallable() listServiceAccountsCallable()
GetServiceAccount	Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. getServiceAccount(GetServiceAccountRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. getServiceAccount(ServiceAccountName name) getServiceAccount(String name) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. getServiceAccountCallable()
CreateServiceAccount	Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. createServiceAccount(CreateServiceAccountRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. createServiceAccount(ProjectName name, String accountId, ServiceAccount serviceAccount) createServiceAccount(String name, String accountId, ServiceAccount serviceAccount) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. createServiceAccountCallable()
UpdateServiceAccount	Note: We are in the process of deprecating this method. Use [PatchServiceAccount][google.iam.admin.v1.IAM.PatchServiceAccount] instead. Updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. You can update only the `display_name` field.	Request object method variants only take one parameter, a request object, which must be constructed before the call. updateServiceAccount(ServiceAccount request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. updateServiceAccountCallable()
PatchServiceAccount	Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. patchServiceAccount(PatchServiceAccountRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. patchServiceAccountCallable()
DeleteServiceAccount	Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. Warning: After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount] to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.	Request object method variants only take one parameter, a request object, which must be constructed before the call. deleteServiceAccount(DeleteServiceAccountRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. deleteServiceAccount(ServiceAccountName name) deleteServiceAccount(String name) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. deleteServiceAccountCallable()
UndeleteServiceAccount	Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount]. Important: It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.	Request object method variants only take one parameter, a request object, which must be constructed before the call. undeleteServiceAccount(UndeleteServiceAccountRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. undeleteServiceAccountCallable()
EnableServiceAccount	Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount]. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.	Request object method variants only take one parameter, a request object, which must be constructed before the call. enableServiceAccount(EnableServiceAccountRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. enableServiceAccountCallable()
DisableServiceAccount	Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use [EnableServiceAccount][google.iam.admin.v1.IAM.EnableServiceAccount]. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with [DeleteServiceAccount][google.iam.admin.v1.IAM.DeleteServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. disableServiceAccount(DisableServiceAccountRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. disableServiceAccountCallable()
ListServiceAccountKeys	Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.	Request object method variants only take one parameter, a request object, which must be constructed before the call. listServiceAccountKeys(ListServiceAccountKeysRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. listServiceAccountKeys(ServiceAccountName name, List<ListServiceAccountKeysRequest.KeyType> keyTypes) listServiceAccountKeys(String name, List<ListServiceAccountKeysRequest.KeyType> keyTypes) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. listServiceAccountKeysCallable()
GetServiceAccountKey	Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].	Request object method variants only take one parameter, a request object, which must be constructed before the call. getServiceAccountKey(GetServiceAccountKeyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. getServiceAccountKey(KeyName name, ServiceAccountPublicKeyType publicKeyType) getServiceAccountKey(String name, ServiceAccountPublicKeyType publicKeyType) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. getServiceAccountKeyCallable()
CreateServiceAccountKey	Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].	Request object method variants only take one parameter, a request object, which must be constructed before the call. createServiceAccountKey(CreateServiceAccountKeyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. createServiceAccountKey(ServiceAccountName name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm) createServiceAccountKey(String name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. createServiceAccountKeyCallable()
UploadServiceAccountKey	Uploads the public key portion of a key pair that you manage, and associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. After you upload the public key, you can use the private key from the key pair as a service account key.	Request object method variants only take one parameter, a request object, which must be constructed before the call. uploadServiceAccountKey(UploadServiceAccountKeyRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. uploadServiceAccountKeyCallable()
DeleteServiceAccountKey	Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.	Request object method variants only take one parameter, a request object, which must be constructed before the call. deleteServiceAccountKey(DeleteServiceAccountKeyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. deleteServiceAccountKey(KeyName name) deleteServiceAccountKey(String name) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. deleteServiceAccountKeyCallable()
DisableServiceAccountKey	Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. A disabled service account key can be re-enabled with [EnableServiceAccountKey][google.iam.admin.v1.IAM.EnableServiceAccountKey].	Request object method variants only take one parameter, a request object, which must be constructed before the call. disableServiceAccountKey(DisableServiceAccountKeyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. disableServiceAccountKey(KeyName name) disableServiceAccountKey(String name) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. disableServiceAccountKeyCallable()
EnableServiceAccountKey	Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].	Request object method variants only take one parameter, a request object, which must be constructed before the call. enableServiceAccountKey(EnableServiceAccountKeyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. enableServiceAccountKey(KeyName name) enableServiceAccountKey(String name) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. enableServiceAccountKeyCallable()
SignBlob	Note: This method is deprecated. Use the [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a blob using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. signBlob(SignBlobRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. signBlob(ServiceAccountName name, ByteString bytesToSign) signBlob(String name, ByteString bytesToSign) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. signBlobCallable()
SignJwt	Note: This method is deprecated. Use the [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. signJwt(SignJwtRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. signJwt(ServiceAccountName name, String payload) signJwt(String name, String payload) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. signJwtCallable()
GetIamPolicy	Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. This IAM policy specifies which principals have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy) method.	Request object method variants only take one parameter, a request object, which must be constructed before the call. getIamPolicy(GetIamPolicyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. getIamPolicy(ResourceName resource) getIamPolicy(String resource) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. getIamPolicyCallable()
SetIamPolicy	Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's `getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).	Request object method variants only take one parameter, a request object, which must be constructed before the call. setIamPolicy(SetIamPolicyRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. setIamPolicy(ResourceName resource, Policy policy) setIamPolicy(String resource, Policy policy) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. setIamPolicyCallable()
TestIamPermissions	Tests whether the caller has the specified permissions on a [ServiceAccount][google.iam.admin.v1.ServiceAccount].	Request object method variants only take one parameter, a request object, which must be constructed before the call. testIamPermissions(TestIamPermissionsRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. testIamPermissions(ResourceName resource, List<String> permissions) testIamPermissions(String resource, List<String> permissions) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. testIamPermissionsCallable()
QueryGrantableRoles	Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.	Request object method variants only take one parameter, a request object, which must be constructed before the call. queryGrantableRoles(QueryGrantableRolesRequest request) "Flattened" method variants have converted the fields of the request object into function parameters to enable multiple ways to call the same method. queryGrantableRoles(String fullResourceName) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. queryGrantableRolesPagedCallable() queryGrantableRolesCallable()
ListRoles	Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role that is defined for an organization or project.	Request object method variants only take one parameter, a request object, which must be constructed before the call. listRoles(ListRolesRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. listRolesPagedCallable() listRolesCallable()
GetRole	Gets the definition of a [Role][google.iam.admin.v1.Role].	Request object method variants only take one parameter, a request object, which must be constructed before the call. getRole(GetRoleRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. getRoleCallable()
CreateRole	Creates a new custom [Role][google.iam.admin.v1.Role].	Request object method variants only take one parameter, a request object, which must be constructed before the call. createRole(CreateRoleRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. createRoleCallable()
UpdateRole	Updates the definition of a custom [Role][google.iam.admin.v1.Role].	Request object method variants only take one parameter, a request object, which must be constructed before the call. updateRole(UpdateRoleRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. updateRoleCallable()
DeleteRole	Deletes a custom [Role][google.iam.admin.v1.Role]. When you delete a custom role, the following changes occur immediately: You cannot bind a principal to the custom role in an IAM [Policy][google.iam.v1.Policy]. Existing bindings to the custom role are not changed, but they have no effect. By default, the response from [ListRoles][google.iam.admin.v1.IAM.ListRoles] does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: The custom role is permanently deleted and cannot be recovered. If an IAM policy contains a binding to the custom role, the binding is permanently removed.	Request object method variants only take one parameter, a request object, which must be constructed before the call. deleteRole(DeleteRoleRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. deleteRoleCallable()
UndeleteRole	Undeletes a custom [Role][google.iam.admin.v1.Role].	Request object method variants only take one parameter, a request object, which must be constructed before the call. undeleteRole(UndeleteRoleRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. undeleteRoleCallable()
QueryTestablePermissions	Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.	Request object method variants only take one parameter, a request object, which must be constructed before the call. queryTestablePermissions(QueryTestablePermissionsRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. queryTestablePermissionsPagedCallable() queryTestablePermissionsCallable()
QueryAuditableServices	Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](https://cloud.google.com/logging/docs/audit).	Request object method variants only take one parameter, a request object, which must be constructed before the call. queryAuditableServices(QueryAuditableServicesRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. queryAuditableServicesCallable()
LintPolicy	Lints, or validates, an IAM policy. Currently checks the [google.iam.v1.Binding.condition][google.iam.v1.Binding.condition] field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy.	Request object method variants only take one parameter, a request object, which must be constructed before the call. lintPolicy(LintPolicyRequest request) Callable method variants take no parameters and return an immutable API callable object, which can be used to initiate calls to the service. lintPolicyCallable()

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of IAMSettings to create(). For example:

To customize credentials:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 IAMSettings iAMSettings =
     IAMSettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 IAMClient iAMClient = IAMClient.create(iAMSettings);

To customize the endpoint:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 IAMSettings iAMSettings = IAMSettings.newBuilder().setEndpoint(myEndpoint).build();
 IAMClient iAMClient = IAMClient.create(iAMSettings);

Please refer to the GitHub repository's samples for more quickstart code snippets.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`IAMClient.ListRolesFixedSizeCollection`
`static class`	`IAMClient.ListRolesPage`
`static class`	`IAMClient.ListRolesPagedResponse`
`static class`	`IAMClient.ListServiceAccountsFixedSizeCollection`
`static class`	`IAMClient.ListServiceAccountsPage`
`static class`	`IAMClient.ListServiceAccountsPagedResponse`
`static class`	`IAMClient.QueryGrantableRolesFixedSizeCollection`
`static class`	`IAMClient.QueryGrantableRolesPage`
`static class`	`IAMClient.QueryGrantableRolesPagedResponse`
`static class`	`IAMClient.QueryTestablePermissionsFixedSizeCollection`
`static class`	`IAMClient.QueryTestablePermissionsPage`
`static class`	`IAMClient.QueryTestablePermissionsPagedResponse`

Constructor Summary

Constructors
Modifier	Constructor and Description
`protected`	`IAMClient(IAMSettings settings)` Constructs an instance of IAMClient, using the given settings.
`protected`	`IAMClient(IAMStub stub)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`boolean`	`awaitTermination(long duration, TimeUnit unit)`
`void`	`close()`
`static IAMClient`	`create()` Constructs an instance of IAMClient with default settings.
`static IAMClient`	`create(IAMSettings settings)` Constructs an instance of IAMClient, using the given settings.
`static IAMClient`	`create(IAMStub stub)` Constructs an instance of IAMClient, using the given stub for making calls.
`Role`	`createRole(CreateRoleRequest request)` Creates a new custom [Role][google.iam.admin.v1.Role].
`com.google.api.gax.rpc.UnaryCallable<CreateRoleRequest,Role>`	`createRoleCallable()` Creates a new custom [Role][google.iam.admin.v1.Role].
`ServiceAccount`	`createServiceAccount(CreateServiceAccountRequest request)` Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`ServiceAccount`	`createServiceAccount(ProjectName name, String accountId, ServiceAccount serviceAccount)` Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`ServiceAccount`	`createServiceAccount(String name, String accountId, ServiceAccount serviceAccount)` Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<CreateServiceAccountRequest,ServiceAccount>`	`createServiceAccountCallable()` Creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`ServiceAccountKey`	`createServiceAccountKey(CreateServiceAccountKeyRequest request)` Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`ServiceAccountKey`	`createServiceAccountKey(ServiceAccountName name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm)` Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`ServiceAccountKey`	`createServiceAccountKey(String name, ServiceAccountPrivateKeyType privateKeyType, ServiceAccountKeyAlgorithm keyAlgorithm)` Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`com.google.api.gax.rpc.UnaryCallable<CreateServiceAccountKeyRequest,ServiceAccountKey>`	`createServiceAccountKeyCallable()` Creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`Role`	`deleteRole(DeleteRoleRequest request)` Deletes a custom [Role][google.iam.admin.v1.Role].
`com.google.api.gax.rpc.UnaryCallable<DeleteRoleRequest,Role>`	`deleteRoleCallable()` Deletes a custom [Role][google.iam.admin.v1.Role].
`void`	`deleteServiceAccount(DeleteServiceAccountRequest request)` Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`void`	`deleteServiceAccount(ServiceAccountName name)` Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`void`	`deleteServiceAccount(String name)` Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<DeleteServiceAccountRequest,com.google.protobuf.Empty>`	`deleteServiceAccountCallable()` Deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`void`	`deleteServiceAccountKey(DeleteServiceAccountKeyRequest request)` Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`deleteServiceAccountKey(KeyName name)` Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`deleteServiceAccountKey(String name)` Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`com.google.api.gax.rpc.UnaryCallable<DeleteServiceAccountKeyRequest,com.google.protobuf.Empty>`	`deleteServiceAccountKeyCallable()` Deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`disableServiceAccount(DisableServiceAccountRequest request)` Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
`com.google.api.gax.rpc.UnaryCallable<DisableServiceAccountRequest,com.google.protobuf.Empty>`	`disableServiceAccountCallable()` Disables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] immediately.
`void`	`disableServiceAccountKey(DisableServiceAccountKeyRequest request)` Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`disableServiceAccountKey(KeyName name)` Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`disableServiceAccountKey(String name)` Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`com.google.api.gax.rpc.UnaryCallable<DisableServiceAccountKeyRequest,com.google.protobuf.Empty>`	`disableServiceAccountKeyCallable()` Disable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`enableServiceAccount(EnableServiceAccountRequest request)` Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<EnableServiceAccountRequest,com.google.protobuf.Empty>`	`enableServiceAccountCallable()` Enables a [ServiceAccount][google.iam.admin.v1.ServiceAccount] that was disabled by [DisableServiceAccount][google.iam.admin.v1.IAM.DisableServiceAccount].
`void`	`enableServiceAccountKey(EnableServiceAccountKeyRequest request)` Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`enableServiceAccountKey(KeyName name)` Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`void`	`enableServiceAccountKey(String name)` Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`com.google.api.gax.rpc.UnaryCallable<EnableServiceAccountKeyRequest,com.google.protobuf.Empty>`	`enableServiceAccountKeyCallable()` Enable a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`com.google.iam.v1.Policy`	`getIamPolicy(com.google.iam.v1.GetIamPolicyRequest request)` Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.iam.v1.Policy`	`getIamPolicy(com.google.api.resourcenames.ResourceName resource)` Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.iam.v1.Policy`	`getIamPolicy(String resource)` Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<com.google.iam.v1.GetIamPolicyRequest,com.google.iam.v1.Policy>`	`getIamPolicyCallable()` Gets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`Role`	`getRole(GetRoleRequest request)` Gets the definition of a [Role][google.iam.admin.v1.Role].
`com.google.api.gax.rpc.UnaryCallable<GetRoleRequest,Role>`	`getRoleCallable()` Gets the definition of a [Role][google.iam.admin.v1.Role].
`ServiceAccount`	`getServiceAccount(GetServiceAccountRequest request)` Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`ServiceAccount`	`getServiceAccount(ServiceAccountName name)` Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`ServiceAccount`	`getServiceAccount(String name)` Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<GetServiceAccountRequest,ServiceAccount>`	`getServiceAccountCallable()` Gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`ServiceAccountKey`	`getServiceAccountKey(GetServiceAccountKeyRequest request)` Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`ServiceAccountKey`	`getServiceAccountKey(KeyName name, ServiceAccountPublicKeyType publicKeyType)` Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`ServiceAccountKey`	`getServiceAccountKey(String name, ServiceAccountPublicKeyType publicKeyType)` Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`com.google.api.gax.rpc.UnaryCallable<GetServiceAccountKeyRequest,ServiceAccountKey>`	`getServiceAccountKeyCallable()` Gets a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
`IAMSettings`	`getSettings()`
`IAMStub`	`getStub()`
`boolean`	`isShutdown()`
`boolean`	`isTerminated()`
`LintPolicyResponse`	`lintPolicy(LintPolicyRequest request)` Lints, or validates, an IAM policy.
`com.google.api.gax.rpc.UnaryCallable<LintPolicyRequest,LintPolicyResponse>`	`lintPolicyCallable()` Lints, or validates, an IAM policy.
`IAMClient.ListRolesPagedResponse`	`listRoles(ListRolesRequest request)` Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role that is defined for an organization or project.
`com.google.api.gax.rpc.UnaryCallable<ListRolesRequest,ListRolesResponse>`	`listRolesCallable()` Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role that is defined for an organization or project.
`com.google.api.gax.rpc.UnaryCallable<ListRolesRequest,IAMClient.ListRolesPagedResponse>`	`listRolesPagedCallable()` Lists every predefined [Role][google.iam.admin.v1.Role] that IAM supports, or every custom role that is defined for an organization or project.
`ListServiceAccountKeysResponse`	`listServiceAccountKeys(ListServiceAccountKeysRequest request)` Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
`ListServiceAccountKeysResponse`	`listServiceAccountKeys(ServiceAccountName name, List<ListServiceAccountKeysRequest.KeyType> keyTypes)` Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
`ListServiceAccountKeysResponse`	`listServiceAccountKeys(String name, List<ListServiceAccountKeysRequest.KeyType> keyTypes)` Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
`com.google.api.gax.rpc.UnaryCallable<ListServiceAccountKeysRequest,ListServiceAccountKeysResponse>`	`listServiceAccountKeysCallable()` Lists every [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] for a service account.
`IAMClient.ListServiceAccountsPagedResponse`	`listServiceAccounts(ListServiceAccountsRequest request)` Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
`IAMClient.ListServiceAccountsPagedResponse`	`listServiceAccounts(ProjectName name)` Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
`IAMClient.ListServiceAccountsPagedResponse`	`listServiceAccounts(String name)` Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
`com.google.api.gax.rpc.UnaryCallable<ListServiceAccountsRequest,ListServiceAccountsResponse>`	`listServiceAccountsCallable()` Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
`com.google.api.gax.rpc.UnaryCallable<ListServiceAccountsRequest,IAMClient.ListServiceAccountsPagedResponse>`	`listServiceAccountsPagedCallable()` Lists every [ServiceAccount][google.iam.admin.v1.ServiceAccount] that belongs to a specific project.
`ServiceAccount`	`patchServiceAccount(PatchServiceAccountRequest request)` Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<PatchServiceAccountRequest,ServiceAccount>`	`patchServiceAccountCallable()` Patches a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`QueryAuditableServicesResponse`	`queryAuditableServices(QueryAuditableServicesRequest request)` Returns a list of services that allow you to opt into audit logs that are not generated by default.
`com.google.api.gax.rpc.UnaryCallable<QueryAuditableServicesRequest,QueryAuditableServicesResponse>`	`queryAuditableServicesCallable()` Returns a list of services that allow you to opt into audit logs that are not generated by default.
`IAMClient.QueryGrantableRolesPagedResponse`	`queryGrantableRoles(QueryGrantableRolesRequest request)` Lists roles that can be granted on a Google Cloud resource.
`IAMClient.QueryGrantableRolesPagedResponse`	`queryGrantableRoles(String fullResourceName)` Lists roles that can be granted on a Google Cloud resource.
`com.google.api.gax.rpc.UnaryCallable<QueryGrantableRolesRequest,QueryGrantableRolesResponse>`	`queryGrantableRolesCallable()` Lists roles that can be granted on a Google Cloud resource.
`com.google.api.gax.rpc.UnaryCallable<QueryGrantableRolesRequest,IAMClient.QueryGrantableRolesPagedResponse>`	`queryGrantableRolesPagedCallable()` Lists roles that can be granted on a Google Cloud resource.
`IAMClient.QueryTestablePermissionsPagedResponse`	`queryTestablePermissions(QueryTestablePermissionsRequest request)` Lists every permission that you can test on a resource.
`com.google.api.gax.rpc.UnaryCallable<QueryTestablePermissionsRequest,QueryTestablePermissionsResponse>`	`queryTestablePermissionsCallable()` Lists every permission that you can test on a resource.
`com.google.api.gax.rpc.UnaryCallable<QueryTestablePermissionsRequest,IAMClient.QueryTestablePermissionsPagedResponse>`	`queryTestablePermissionsPagedCallable()` Lists every permission that you can test on a resource.
`com.google.iam.v1.Policy`	`setIamPolicy(com.google.api.resourcenames.ResourceName resource, com.google.iam.v1.Policy policy)` Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.iam.v1.Policy`	`setIamPolicy(com.google.iam.v1.SetIamPolicyRequest request)` Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.iam.v1.Policy`	`setIamPolicy(String resource, com.google.iam.v1.Policy policy)` Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<com.google.iam.v1.SetIamPolicyRequest,com.google.iam.v1.Policy>`	`setIamPolicyCallable()` Sets the IAM policy that is attached to a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`void`	`shutdown()`
`void`	`shutdownNow()`
`SignBlobResponse`	`signBlob(ServiceAccountName name, com.google.protobuf.ByteString bytesToSign)` Deprecated. This method is deprecated and will be removed in the next major version update.
`SignBlobResponse`	`signBlob(SignBlobRequest request)` Deprecated. This method is deprecated and will be removed in the next major version update.
`SignBlobResponse`	`signBlob(String name, com.google.protobuf.ByteString bytesToSign)` Deprecated. This method is deprecated and will be removed in the next major version update.
`com.google.api.gax.rpc.UnaryCallable<SignBlobRequest,SignBlobResponse>`	`signBlobCallable()` Deprecated. This method is deprecated and will be removed in the next major version update.
`SignJwtResponse`	`signJwt(ServiceAccountName name, String payload)` Deprecated. This method is deprecated and will be removed in the next major version update.
`SignJwtResponse`	`signJwt(SignJwtRequest request)` Deprecated. This method is deprecated and will be removed in the next major version update.
`SignJwtResponse`	`signJwt(String name, String payload)` Deprecated. This method is deprecated and will be removed in the next major version update.
`com.google.api.gax.rpc.UnaryCallable<SignJwtRequest,SignJwtResponse>`	`signJwtCallable()` Deprecated. This method is deprecated and will be removed in the next major version update.
`com.google.iam.v1.TestIamPermissionsResponse`	`testIamPermissions(com.google.api.resourcenames.ResourceName resource, List<String> permissions)` Tests whether the caller has the specified permissions on a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.iam.v1.TestIamPermissionsResponse`	`testIamPermissions(String resource, List<String> permissions)` Tests whether the caller has the specified permissions on a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.iam.v1.TestIamPermissionsResponse`	`testIamPermissions(com.google.iam.v1.TestIamPermissionsRequest request)` Tests whether the caller has the specified permissions on a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<com.google.iam.v1.TestIamPermissionsRequest,com.google.iam.v1.TestIamPermissionsResponse>`	`testIamPermissionsCallable()` Tests whether the caller has the specified permissions on a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`Role`	`undeleteRole(UndeleteRoleRequest request)` Undeletes a custom [Role][google.iam.admin.v1.Role].
`com.google.api.gax.rpc.UnaryCallable<UndeleteRoleRequest,Role>`	`undeleteRoleCallable()` Undeletes a custom [Role][google.iam.admin.v1.Role].
`UndeleteServiceAccountResponse`	`undeleteServiceAccount(UndeleteServiceAccountRequest request)` Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<UndeleteServiceAccountRequest,UndeleteServiceAccountResponse>`	`undeleteServiceAccountCallable()` Restores a deleted [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`Role`	`updateRole(UpdateRoleRequest request)` Updates the definition of a custom [Role][google.iam.admin.v1.Role].
`com.google.api.gax.rpc.UnaryCallable<UpdateRoleRequest,Role>`	`updateRoleCallable()` Updates the definition of a custom [Role][google.iam.admin.v1.Role].
`ServiceAccount`	`updateServiceAccount(ServiceAccount request)` Note: We are in the process of deprecating this method.
`com.google.api.gax.rpc.UnaryCallable<ServiceAccount,ServiceAccount>`	`updateServiceAccountCallable()` Note: We are in the process of deprecating this method.
`ServiceAccountKey`	`uploadServiceAccountKey(UploadServiceAccountKeyRequest request)` Uploads the public key portion of a key pair that you manage, and associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
`com.google.api.gax.rpc.UnaryCallable<UploadServiceAccountKeyRequest,ServiceAccountKey>`	`uploadServiceAccountKeyCallable()` Uploads the public key portion of a key pair that you manage, and associates the public key with a [ServiceAccount][google.iam.admin.v1.ServiceAccount].

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- IAMClient
```
protected IAMClient(IAMSettings settings)
             throws IOException
```
  Constructs an instance of IAMClient, using the given settings. This is protected so that it is easy to make a subclass, but otherwise, the static factory methods should be preferred.
  
  Throws:
  
  IOException
- IAMClient
```
protected IAMClient(IAMStub stub)
```

Method Detail

create

public static final IAMClient create()
                              throws IOException

Constructs an instance of IAMClient with default settings.

Throws:: IOException

create
```
public static final IAMClient create(IAMSettings settings)
                              throws IOException
```
Constructs an instance of IAMClient, using the given settings. The channels are created based on the settings passed in, or defaults for any settings that are not set.

Throws:

IOException

create
```
public static final IAMClient create(IAMStub stub)
```
Constructs an instance of IAMClient, using the given stub for making calls. This is for advanced usage - prefer using create(IAMSettings).

getSettings

public final IAMSettings getSettings()

getStub
```
public IAMStub getStub()
```