Identity and Access Management API, gRPC: ServiceAccountService
A set of methods for managing ServiceAccount resources.
Call | Description |
---|---|
Get | Returns the specified ServiceAccount resource. |
List | Retrieves the list of ServiceAccount resources in the specified folder. |
Create | Creates a service account in the specified folder. |
Update | Updates the specified service account. |
Delete | Deletes the specified service account. |
ListAccessBindings | Lists access bindings for the specified service account. |
SetAccessBindings | Sets access bindings for the service account. |
UpdateAccessBindings | Updates access bindings for the specified service account. |
ListOperations | Lists operations for the specified service account. |
Calls ServiceAccountService
Get
Returns the specified ServiceAccount resource.
To get the list of available ServiceAccount resources, make a List request.
rpc Get (GetServiceAccountRequest) returns (ServiceAccount)
GetServiceAccountRequest
Field | Description |
---|---|
service_account_id | string Required. ID of the ServiceAccount resource to return. To get the service account ID, use a ServiceAccountService.List request. The maximum string length in characters is 50. |
ServiceAccount
Field | Description |
---|---|
id | string ID of the service account. |
folder_id | string ID of the folder that the service account belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the service account. The name is unique within the cloud. 3-63 characters long. |
description | string Description of the service account. 0-256 characters long. |
labels | map<string,string> Resource labels as key:value pairs. Maximum of 64 per resource. |
List
Retrieves the list of ServiceAccount resources in the specified folder.
rpc List (ListServiceAccountsRequest) returns (ListServiceAccountsResponse)
ListServiceAccountsRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder to list service accounts in. To get the folder ID, use a yandex.cloud.resourcemanager.v1.FolderService.List request. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListServiceAccountsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListServiceAccountsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 2000. |
filter | string A filter expression that filters resources listed in the response. The expression must specify:
|
ListServiceAccountsResponse
Field | Description |
---|---|
service_accounts[] | ServiceAccount List of ServiceAccount resources. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListServiceAccountsRequest.page_size, use the next_page_token as the value for the ListServiceAccountsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
ServiceAccount
Field | Description |
---|---|
id | string ID of the service account. |
folder_id | string ID of the folder that the service account belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the service account. The name is unique within the cloud. 3-63 characters long. |
description | string Description of the service account. 0-256 characters long. |
labels | map<string,string> Resource labels as key:value pairs. Maximum of 64 per resource. |
Create
Creates a service account in the specified folder.
rpc Create (CreateServiceAccountRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata: CreateServiceAccountMetadata
Operation.response: ServiceAccount
CreateServiceAccountRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder to create a service account in. To get the folder ID, use a yandex.cloud.resourcemanager.v1.FolderService.List request. The maximum string length in characters is 50. |
name | string Required. Name of the service account. The name must be unique within the cloud. Value must match the regular expression |[a-z][-a-z0-9]{1,61}[a-z0-9] . |
description | string Description of the service account. The maximum string length in characters is 256. |
labels | map<string,string> Resource labels as key:value pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
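
The limits in the CreateServiceAccountRequest table can be checked on the client before the call is sent. The following is an added example, not code from the API or its SDK; the dict layout, `validate_create_request`, and the sample values are assumptions made for illustration.

```python
import re
from typing import Dict, List

# Patterns and limits copied from the CreateServiceAccountRequest table.
NAME_RE = re.compile(r"|[a-z][-a-z0-9]{1,61}[a-z0-9]")
LABEL_KEY_RE = re.compile(r"[a-z][-_0-9a-z]*")
LABEL_VALUE_RE = re.compile(r"[-_0-9a-z]*")


def validate_create_request(req: Dict) -> List[str]:
    """Return the documented constraints that `req` violates (empty list = valid)."""
    errors = []

    folder_id = req.get("folder_id", "")
    if not folder_id:
        errors.append("folder_id: required")
    elif len(folder_id) > 50:
        errors.append("folder_id: longer than 50 characters")

    name = req.get("name", "")
    # The documented pattern begins with an empty alternative, so the regex
    # alone accepts ""; the "Required" rule must be enforced separately.
    if not name:
        errors.append("name: required")
    elif not NAME_RE.fullmatch(name):
        errors.append("name: does not match the documented pattern")

    if len(req.get("description", "")) > 256:
        errors.append("description: longer than 256 characters")

    labels = req.get("labels", {})
    if len(labels) > 64:
        errors.append("labels: more than 64 per resource")
    for key, value in labels.items():
        if not 1 <= len(key) <= 63 or not LABEL_KEY_RE.fullmatch(key):
            errors.append(f"labels[{key!r}]: invalid key")
        if len(value) > 63 or not LABEL_VALUE_RE.fullmatch(value):
            errors.append(f"labels[{key!r}]: invalid value")
    return errors


# Constructed sample requests (IDs and names are made up for illustration).
GOOD = {"folder_id": "folder-id-placeholder", "name": "ci-deployer",
        "description": "Deploys from CI", "labels": {"env": "prod", "team": ""}}
BAD = {"folder_id": "folder-id-placeholder", "name": "CI_Deployer-",
       "labels": {"Env": "prod", "owner": "Alice@example"}}

if __name__ == "__main__":
    for sample in (GOOD, BAD, {"folder_id": "f", "name": ""}):
        print(sample.get("name"), "->", validate_create_request(sample) or "ok")
```
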
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any<CreateServiceAccountMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any<ServiceAccount> Response of the operation, set if the operation finished successfully. |
CreateServiceAccountMetadata
Field | Description |
---|---|
service_account_id | string ID of the service account that is being created. |
ServiceAccount
Field | Description |
---|---|
id | string ID of the service account. |
folder_id | string ID of the folder that the service account belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the service account. The name is unique within the cloud. 3-63 characters long. |
description | string Description of the service account. 0-256 characters long. |
labels | map<string,string> Resource labels as key:value pairs. Maximum of 64 per resource. |
Update
Updates the specified service account.
rpc Update (UpdateServiceAccountRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata: UpdateServiceAccountMetadata
Operation.response: ServiceAccount
UpdateServiceAccountRequest
Field | Description |
---|---|
service_account_id | string Required. ID of the ServiceAccount resource to update. To get the service account ID, use a ServiceAccountService.List request. The maximum string length in characters is 50. |
update_mask | google.protobuf.FieldMask Field mask that specifies which fields of the ServiceAccount resource are going to be updated. |
name | string Required. Name of the service account. The name must be unique within the cloud. Value must match the regular expression |[a-z][-a-z0-9]{1,61}[a-z0-9] . |
description | string Description of the service account. The maximum string length in characters is 256. |
labels | map<string,string> Resource labels as key:value pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any<UpdateServiceAccountMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any<ServiceAccount> Response of the operation, set if the operation finished successfully. |
UpdateServiceAccountMetadata
Field | Description |
---|---|
service_account_id | string ID of the ServiceAccount resource that is being updated. |
ServiceAccount
Field | Description |
---|---|
id | string ID of the service account. |
folder_id | string ID of the folder that the service account belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the service account. The name is unique within the cloud. 3-63 characters long. |
description | string Description of the service account. 0-256 characters long. |
labels | map<string,string> Resource labels as key:value pairs. Maximum of 64 per resource. |
Delete
Deletes the specified service account.
rpc Delete (DeleteServiceAccountRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata: DeleteServiceAccountMetadata
Operation.response: google.protobuf.Empty
DeleteServiceAccountRequest
Field | Description |
---|---|
service_account_id | string Required. ID of the service account to delete. To get the service account ID, use a ServiceAccountService.List request. The maximum string length in characters is 50. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any<DeleteServiceAccountMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any<google.protobuf.Empty> Response of the operation, set if the operation finished successfully. |
DeleteServiceAccountMetadata
Field | Description |
---|---|
service_account_id | string ID of the service account that is being deleted. |
ListAccessBindings
Lists access bindings for the specified service account.
rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)
ListAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource to list access bindings for. To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. Set page_token to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100. |
ListAccessBindingsResponse
Field | Description |
---|---|
access_bindings[] | AccessBinding List of access bindings for the specified resource. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the next_page_token as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system .
type is userAccount , federatedUser or serviceAccount . The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
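
A review of who holds roles on a service account has to follow next_page_token to the end, otherwise bindings past the first page are never inspected. The following is an added example, not code from the API or its SDK: the dataclasses and `FakeServiceAccountService` are constructed stand-ins for the generated gRPC classes, and the role allowlist and all IDs are assumptions.

```python
from dataclasses import dataclass
from typing import Iterator, List, Set, Tuple


@dataclass
class Subject:
    id: str
    type: str


@dataclass
class AccessBinding:
    role_id: str
    subject: Subject


@dataclass
class ListAccessBindingsResponse:
    access_bindings: List[AccessBinding]
    next_page_token: str = ""


class FakeServiceAccountService:
    """Constructed in-memory stand-in for the gRPC stub; tokens are list offsets."""

    def __init__(self, bindings):
        self._bindings = bindings
        self.calls = 0

    def ListAccessBindings(self, resource_id, page_size=100, page_token=""):
        self.calls += 1
        start = int(page_token or 0)
        end = start + page_size
        token = str(end) if end < len(self._bindings) else ""
        return ListAccessBindingsResponse(self._bindings[start:end], token)


def iter_access_bindings(service, resource_id, page_size=100) -> Iterator[AccessBinding]:
    """Yield every binding, following next_page_token until it comes back empty."""
    if not 1 <= page_size <= 1000:  # documented maximum is 1000
        raise ValueError("page_size must be between 1 and 1000")
    token = ""
    while True:
        page = service.ListAccessBindings(resource_id, page_size, token)
        yield from page.access_bindings
        token = page.next_page_token
        if not token:
            return


def audit_bindings(service, resource_id, allowed_roles: Set[str], page_size=100) -> List[Tuple[str, str, str]]:
    """Return (role_id, subject_id, reason) for bindings that need review."""
    findings = []
    for b in iter_access_bindings(service, resource_id, page_size):
        if b.subject.type == "system":  # one binding covers several accounts
            findings.append((b.role_id, b.subject.id, "system subject: several accounts"))
        elif b.role_id not in allowed_roles:
            findings.append((b.role_id, b.subject.id, "role not in allowlist"))
    return findings


# Constructed sample data; role and subject IDs are placeholders.
SAMPLE = [
    AccessBinding("viewer", Subject("user-id-1", "userAccount")),
    AccessBinding("editor", Subject("sa-id-1", "serviceAccount")),
    AccessBinding("viewer", Subject("system-id-placeholder", "system")),
    AccessBinding("admin", Subject("fed-id-1", "federatedUser")),
    AccessBinding("viewer", Subject("sa-id-2", "serviceAccount")),
]
```
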
SetAccessBindings
Sets access bindings for the service account.
rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata: SetAccessBindingsMetadata
Operation.response: google.protobuf.Empty
SetAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource for which access bindings are being set. To get the resource ID, use a corresponding List request. The maximum string length in characters is 50. |
access_bindings[] | AccessBinding Required. Access bindings to be set. For more information, see Access Bindings. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system .
type is userAccount , federatedUser or serviceAccount . The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any<SetAccessBindingsMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any<google.protobuf.Empty> Response of the operation, set if the operation finished successfully. |
SetAccessBindingsMetadata
Field | Description |
---|---|
resource_id | string ID of the resource for which access bindings are being set. |
UpdateAccessBindings
Updates access bindings for the specified service account.
rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata: UpdateAccessBindingsMetadata
Operation.response: google.protobuf.Empty
UpdateAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource for which access bindings are being updated. The maximum string length in characters is 50. |
access_binding_deltas[] | AccessBindingDelta Required. Updates to access bindings. The number of elements must be greater than 0. |
AccessBindingDelta
Field | Description |
---|---|
action | enum AccessBindingAction Required. The action that is being performed on an access binding.
|
access_binding | AccessBinding Required. Access binding. For more information, see Access Bindings. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system .
type is userAccount , federatedUser or serviceAccount . The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any<UpdateAccessBindingsMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any<google.protobuf.Empty> Response of the operation, set if the operation finished successfully. |
UpdateAccessBindingsMetadata
Field | Description |
---|---|
resource_id | string ID of the resource for which access bindings are being updated. |
ListOperations
Lists operations for the specified service account.
rpc ListOperations (ListServiceAccountOperationsRequest) returns (ListServiceAccountOperationsResponse)
ListServiceAccountOperationsRequest
Field | Description |
---|---|
service_account_id | string Required. ID of the ServiceAccount resource to list operations for. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListServiceAccountOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListServiceAccountOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 2000. |
ListServiceAccountOperationsResponse
Field | Description |
---|---|
operations[] | operation.Operation List of operations for the specified service account. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListServiceAccountOperationsRequest.page_size, use the next_page_token as the value for the ListServiceAccountOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any. |
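
The done, error and response rules in the Operation table give four valid states, and ListOperations results can be grouped by created_by to see which identity initiated the changes that failed. The following is an added example, not code from the API or its SDK: the dataclasses stand in for the generated protobuf messages, and the state names, `failures_by_initiator` and all sample values are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Status:  # stands in for google.rpc.Status
    code: int
    message: str


@dataclass
class Operation:  # stands in for operation.Operation
    id: str
    description: str
    created_by: str
    done: bool
    error: Optional[Status] = None
    response: Optional[object] = None  # an empty message still counts as set


def operation_state(op: Operation) -> str:
    """Map done/error/response to one state; reject combinations the table rules out."""
    has_error, has_response = op.error is not None, op.response is not None
    if has_error and has_response:
        raise ValueError(f"{op.id}: error and response are a oneof")
    if not op.done:
        if has_response:
            raise ValueError(f"{op.id}: response set before done")
        return "failure_detected" if has_error else "in_progress"
    if has_error:
        return "failed"
    if has_response:
        return "succeeded"
    raise ValueError(f"{op.id}: done but neither error nor response is set")


def failures_by_initiator(ops: List[Operation]) -> Dict[str, List[str]]:
    """Group failed or failing operations by created_by for review."""
    grouped = defaultdict(list)
    for op in ops:
        if operation_state(op) in ("failed", "failure_detected"):
            grouped[op.created_by].append(f"{op.id} {op.description}: {op.error.message}")
    return dict(grouped)


# Constructed ListOperations results; IDs, descriptions and messages are made up.
OPS = [
    Operation("op-1", "Create service account", "user-id-1", True, response={"id": "sa-id-1"}),
    Operation("op-2", "Set access bindings", "sa-id-9", True, error=Status(7, "Permission denied")),
    Operation("op-3", "Update service account", "user-id-1", False),
    Operation("op-4", "Delete service account", "sa-id-9", False, error=Status(13, "Internal error")),
]
```
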