# -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/iam_admin_v1/proto/iam.proto from cloudsdk.google.protobuf.internal import enum_type_wrapper from cloudsdk.google.protobuf import descriptor as _descriptor from cloudsdk.google.protobuf import message as _message from cloudsdk.google.protobuf import reflection as _reflection from cloudsdk.google.protobuf import symbol_database as _symbol_database # @@protoc_insertion_point(imports) _sym_db = _symbol_database.Default() from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 from google.api import client_pb2 as google_dot_api_dot_client__pb2 from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2 from google.api import resource_pb2 as google_dot_api_dot_resource__pb2 from google.iam.v1 import iam_policy_pb2 as google_dot_iam_dot_v1_dot_iam__policy__pb2 from google.iam.v1 import policy_pb2 as google_dot_iam_dot_v1_dot_policy__pb2 from cloudsdk.google.protobuf import empty_pb2 as google_dot_protobuf_dot_empty__pb2 from cloudsdk.google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2 from cloudsdk.google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 DESCRIPTOR = _descriptor.FileDescriptor( name='google/cloud/iam_admin_v1/proto/iam.proto', package='google.iam.admin.v1', syntax='proto3', serialized_options=b'\n\027com.google.iam.admin.v1B\010IamProtoP\001Z8google.golang.org/genproto/googleapis/iam/admin/v1;admin\370\001\001', create_key=_descriptor._internal_create_key, serialized_pb=b'\n)google/cloud/iam_admin_v1/proto/iam.proto\x12\x13google.iam.admin.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xf0\x01\n\x0eServiceAccount\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x12\n\nproject_id\x18\x02 \x01(\t\x12\x11\n\tunique_id\x18\x04 \x01(\t\x12\r\n\x05\x65mail\x18\x05 \x01(\t\x12\x14\n\x0c\x64isplay_name\x18\x06 \x01(\t\x12\x0c\n\x04\x65tag\x18\x07 \x01(\x0c\x12\x18\n\x10oauth2_client_id\x18\t \x01(\t:\\\xea\x41Y\n!iam.googleapis.com/ServiceAccount\x12\x34projects/{project}/serviceAccounts/{service_account}\"\xb7\x01\n\x1b\x43reateServiceAccountRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x17\n\naccount_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12<\n\x0fservice_account\x18\x03 \x01(\x0b\x32#.google.iam.admin.v1.ServiceAccount\"\x86\x01\n\x1aListServiceAccountsRequest\x12\x41\n\x04name\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"m\n\x1bListServiceAccountsResponse\x12\x35\n\x08\x61\x63\x63ounts\x18\x01 \x03(\x0b\x32#.google.iam.admin.v1.ServiceAccount\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"S\n\x18GetServiceAccountRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iam.googleapis.com/ServiceAccount\"V\n\x1b\x44\x65leteServiceAccountRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iam.googleapis.com/ServiceAccount\"\xf2\x01\n\x1dListServiceAccountKeysRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iam.googleapis.com/ServiceAccount\x12M\n\tkey_types\x18\x02 \x03(\x0e\x32:.google.iam.admin.v1.ListServiceAccountKeysRequest.KeyType\"I\n\x07KeyType\x12\x18\n\x14KEY_TYPE_UNSPECIFIED\x10\x00\x12\x10\n\x0cUSER_MANAGED\x10\x01\x12\x12\n\x0eSYSTEM_MANAGED\x10\x02\"V\n\x1eListServiceAccountKeysResponse\x12\x34\n\x04keys\x18\x01 \x03(\x0b\x32&.google.iam.admin.v1.ServiceAccountKey\"\x96\x01\n\x1bGetServiceAccountKeyRequest\x12,\n\x04name\x18\x01 \x01(\tB\x1e\xe0\x41\x02\xfa\x41\x18\n\x16iam.googleapis.com/Key\x12I\n\x0fpublic_key_type\x18\x02 \x01(\x0e\x32\x30.google.iam.admin.v1.ServiceAccountPublicKeyType\"\xb4\x03\n\x11ServiceAccountKey\x12\x0c\n\x04name\x18\x01 \x01(\t\x12K\n\x10private_key_type\x18\x02 \x01(\x0e\x32\x31.google.iam.admin.v1.ServiceAccountPrivateKeyType\x12\x46\n\rkey_algorithm\x18\x08 \x01(\x0e\x32/.google.iam.admin.v1.ServiceAccountKeyAlgorithm\x12\x18\n\x10private_key_data\x18\x03 \x01(\x0c\x12\x17\n\x0fpublic_key_data\x18\x07 \x01(\x0c\x12\x34\n\x10valid_after_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x35\n\x11valid_before_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp:\\\xea\x41Y\n\x16iam.googleapis.com/Key\x12?projects/{project}/serviceAccounts/{service_account}/keys/{key}\"\xee\x01\n\x1e\x43reateServiceAccountKeyRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iam.googleapis.com/ServiceAccount\x12K\n\x10private_key_type\x18\x02 \x01(\x0e\x32\x31.google.iam.admin.v1.ServiceAccountPrivateKeyType\x12\x46\n\rkey_algorithm\x18\x03 \x01(\x0e\x32/.google.iam.admin.v1.ServiceAccountKeyAlgorithm\"N\n\x1e\x44\x65leteServiceAccountKeyRequest\x12,\n\x04name\x18\x01 \x01(\tB\x1e\xe0\x41\x02\xfa\x41\x18\n\x16iam.googleapis.com/Key\"f\n\x0fSignBlobRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iam.googleapis.com/ServiceAccount\x12\x1a\n\rbytes_to_sign\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x02\"5\n\x10SignBlobResponse\x12\x0e\n\x06key_id\x18\x01 \x01(\t\x12\x11\n\tsignature\x18\x02 \x01(\x0c\"_\n\x0eSignJwtRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!iam.googleapis.com/ServiceAccount\x12\x14\n\x07payload\x18\x02 \x01(\tB\x03\xe0\x41\x02\"5\n\x0fSignJwtResponse\x12\x0e\n\x06key_id\x18\x01 \x01(\t\x12\x12\n\nsigned_jwt\x18\x02 \x01(\t\"\x86\x02\n\x04Role\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x1c\n\x14included_permissions\x18\x07 \x03(\t\x12\x38\n\x05stage\x18\x08 \x01(\x0e\x32).google.iam.admin.v1.Role.RoleLaunchStage\x12\x0c\n\x04\x65tag\x18\t \x01(\x0c\x12\x0f\n\x07\x64\x65leted\x18\x0b \x01(\x08\"U\n\x0fRoleLaunchStage\x12\t\n\x05\x41LPHA\x10\x00\x12\x08\n\x04\x42\x45TA\x10\x01\x12\x06\n\x02GA\x10\x02\x12\x0e\n\nDEPRECATED\x10\x04\x12\x0c\n\x08\x44ISABLED\x10\x05\x12\x07\n\x03\x45\x41P\x10\x06\"\x91\x01\n\x1aQueryGrantableRolesRequest\x12\x1f\n\x12\x66ull_resource_name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12+\n\x04view\x18\x02 \x01(\x0e\x32\x1d.google.iam.admin.v1.RoleView\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t\"`\n\x1bQueryGrantableRolesResponse\x12(\n\x05roles\x18\x01 \x03(\x0b\x32\x19.google.iam.admin.v1.Role\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\x94\x01\n\x10ListRolesRequest\x12\x16\n\x06parent\x18\x01 \x01(\tB\x06\xfa\x41\x03\n\x01*\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\x12+\n\x04view\x18\x04 \x01(\x0e\x32\x1d.google.iam.admin.v1.RoleView\x12\x14\n\x0cshow_deleted\x18\x06 \x01(\x08\"V\n\x11ListRolesResponse\x12(\n\x05roles\x18\x01 \x03(\x0b\x32\x19.google.iam.admin.v1.Role\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"&\n\x0eGetRoleRequest\x12\x14\n\x04name\x18\x01 \x01(\tB\x06\xfa\x41\x03\n\x01*\"e\n\x11\x43reateRoleRequest\x12\x16\n\x06parent\x18\x01 \x01(\tB\x06\xfa\x41\x03\n\x01*\x12\x0f\n\x07role_id\x18\x02 \x01(\t\x12\'\n\x04role\x18\x03 \x01(\x0b\x32\x19.google.iam.admin.v1.Role\"\x83\x01\n\x11UpdateRoleRequest\x12\x14\n\x04name\x18\x01 \x01(\tB\x06\xfa\x41\x03\n\x01*\x12\'\n\x04role\x18\x02 \x01(\x0b\x32\x19.google.iam.admin.v1.Role\x12/\n\x0bupdate_mask\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"7\n\x11\x44\x65leteRoleRequest\x12\x14\n\x04name\x18\x01 \x01(\tB\x06\xfa\x41\x03\n\x01*\x12\x0c\n\x04\x65tag\x18\x02 \x01(\x0c\"9\n\x13UndeleteRoleRequest\x12\x14\n\x04name\x18\x01 \x01(\tB\x06\xfa\x41\x03\n\x01*\x12\x0c\n\x04\x65tag\x18\x02 \x01(\x0c\"\x93\x03\n\nPermission\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12 \n\x18only_in_predefined_roles\x18\x04 \x01(\x08\x12\x44\n\x05stage\x18\x05 \x01(\x0e\x32\x35.google.iam.admin.v1.Permission.PermissionLaunchStage\x12[\n\x1a\x63ustom_roles_support_level\x18\x06 \x01(\x0e\x32\x37.google.iam.admin.v1.Permission.CustomRolesSupportLevel\"D\n\x15PermissionLaunchStage\x12\t\n\x05\x41LPHA\x10\x00\x12\x08\n\x04\x42\x45TA\x10\x01\x12\x06\n\x02GA\x10\x02\x12\x0e\n\nDEPRECATED\x10\x03\"H\n\x17\x43ustomRolesSupportLevel\x12\r\n\tSUPPORTED\x10\x00\x12\x0b\n\x07TESTING\x10\x01\x12\x11\n\rNOT_SUPPORTED\x10\x02\"d\n\x1fQueryTestablePermissionsRequest\x12\x1a\n\x12\x66ull_resource_name\x18\x01 \x01(\t\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"q\n QueryTestablePermissionsResponse\x12\x34\n\x0bpermissions\x18\x01 \x03(\x0b\x32\x1f.google.iam.admin.v1.Permission\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t*a\n\x1aServiceAccountKeyAlgorithm\x12\x17\n\x13KEY_ALG_UNSPECIFIED\x10\x00\x12\x14\n\x10KEY_ALG_RSA_1024\x10\x01\x12\x14\n\x10KEY_ALG_RSA_2048\x10\x02*l\n\x1cServiceAccountPrivateKeyType\x12\x14\n\x10TYPE_UNSPECIFIED\x10\x00\x12\x14\n\x10TYPE_PKCS12_FILE\x10\x01\x12 \n\x1cTYPE_GOOGLE_CREDENTIALS_FILE\x10\x02*]\n\x1bServiceAccountPublicKeyType\x12\r\n\tTYPE_NONE\x10\x00\x12\x16\n\x12TYPE_X509_PEM_FILE\x10\x01\x12\x17\n\x13TYPE_RAW_PUBLIC_KEY\x10\x02*\x1f\n\x08RoleView\x12\t\n\x05\x42\x41SIC\x10\x00\x12\x08\n\x04\x46ULL\x10\x01\x32\x84\x1f\n\x03IAM\x12\xae\x01\n\x13ListServiceAccounts\x12/.google.iam.admin.v1.ListServiceAccountsRequest\x1a\x30.google.iam.admin.v1.ListServiceAccountsResponse\"4\x82\xd3\xe4\x93\x02\'\x12%/v1/{name=projects/*}/serviceAccounts\xda\x41\x04name\x12\x9f\x01\n\x11GetServiceAccount\x12-.google.iam.admin.v1.GetServiceAccountRequest\x1a#.google.iam.admin.v1.ServiceAccount\"6\x82\xd3\xe4\x93\x02)\x12\'/v1/{name=projects/*/serviceAccounts/*}\xda\x41\x04name\x12\xc1\x01\n\x14\x43reateServiceAccount\x12\x30.google.iam.admin.v1.CreateServiceAccountRequest\x1a#.google.iam.admin.v1.ServiceAccount\"R\x82\xd3\xe4\x93\x02*\"%/v1/{name=projects/*}/serviceAccounts:\x01*\xda\x41\x1fname,account_id,service_account\x12\x94\x01\n\x14UpdateServiceAccount\x12#.google.iam.admin.v1.ServiceAccount\x1a#.google.iam.admin.v1.ServiceAccount\"2\x82\xd3\xe4\x93\x02,\x1a\'/v1/{name=projects/*/serviceAccounts/*}:\x01*\x12\x98\x01\n\x14\x44\x65leteServiceAccount\x12\x30.google.iam.admin.v1.DeleteServiceAccountRequest\x1a\x16.google.protobuf.Empty\"6\x82\xd3\xe4\x93\x02)*\'/v1/{name=projects/*/serviceAccounts/*}\xda\x41\x04name\x12\xc8\x01\n\x16ListServiceAccountKeys\x12\x32.google.iam.admin.v1.ListServiceAccountKeysRequest\x1a\x33.google.iam.admin.v1.ListServiceAccountKeysResponse\"E\x82\xd3\xe4\x93\x02.\x12,/v1/{name=projects/*/serviceAccounts/*}/keys\xda\x41\x0ename,key_types\x12\xbf\x01\n\x14GetServiceAccountKey\x12\x30.google.iam.admin.v1.GetServiceAccountKeyRequest\x1a&.google.iam.admin.v1.ServiceAccountKey\"M\x82\xd3\xe4\x93\x02\x30\x12./v1/{name=projects/*/serviceAccounts/*/keys/*}\xda\x41\x14name,public_key_type\x12\xd5\x01\n\x17\x43reateServiceAccountKey\x12\x33.google.iam.admin.v1.CreateServiceAccountKeyRequest\x1a&.google.iam.admin.v1.ServiceAccountKey\"]\x82\xd3\xe4\x93\x02\x31\",/v1/{name=projects/*/serviceAccounts/*}/keys:\x01*\xda\x41#name,private_key_type,key_algorithm\x12\xa5\x01\n\x17\x44\x65leteServiceAccountKey\x12\x33.google.iam.admin.v1.DeleteServiceAccountKeyRequest\x1a\x16.google.protobuf.Empty\"=\x82\xd3\xe4\x93\x02\x30*./v1/{name=projects/*/serviceAccounts/*/keys/*}\xda\x41\x04name\x12\xa9\x01\n\x08SignBlob\x12$.google.iam.admin.v1.SignBlobRequest\x1a%.google.iam.admin.v1.SignBlobResponse\"P\x82\xd3\xe4\x93\x02\x35\"0/v1/{name=projects/*/serviceAccounts/*}:signBlob:\x01*\xda\x41\x12name,bytes_to_sign\x12\x9f\x01\n\x07SignJwt\x12#.google.iam.admin.v1.SignJwtRequest\x1a$.google.iam.admin.v1.SignJwtResponse\"I\x82\xd3\xe4\x93\x02\x34\"//v1/{name=projects/*/serviceAccounts/*}:signJwt:\x01*\xda\x41\x0cname,payload\x12\x96\x01\n\x0cGetIamPolicy\x12\".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\"K\x82\xd3\xe4\x93\x02:\"8/v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy\xda\x41\x08resource\x12\xa0\x01\n\x0cSetIamPolicy\x12\".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy\"U\x82\xd3\xe4\x93\x02=\"8/v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy:\x01*\xda\x41\x0fresource,policy\x12\xcb\x01\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse\"`\x82\xd3\xe4\x93\x02\x43\">/v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions:\x01*\xda\x41\x14resource,permissions\x12\xb7\x01\n\x13QueryGrantableRoles\x12/.google.iam.admin.v1.QueryGrantableRolesRequest\x1a\x30.google.iam.admin.v1.QueryGrantableRolesResponse\"=\x82\xd3\xe4\x93\x02\"\"\x1d/v1/roles:queryGrantableRoles:\x01*\xda\x41\x12\x66ull_resource_name\x12\xb4\x01\n\tListRoles\x12%.google.iam.admin.v1.ListRolesRequest\x1a&.google.iam.admin.v1.ListRolesResponse\"X\x82\xd3\xe4\x93\x02R\x12\t/v1/rolesZ$\x12\"/v1/{parent=organizations/*}/rolesZ\x1f\x12\x1d/v1/{parent=projects/*}/roles\x12\xac\x01\n\x07GetRole\x12#.google.iam.admin.v1.GetRoleRequest\x1a\x19.google.iam.admin.v1.Role\"a\x82\xd3\xe4\x93\x02[\x12\x12/v1/{name=roles/*}Z$\x12\"/v1/{name=organizations/*/roles/*}Z\x1f\x12\x1d/v1/{name=projects/*/roles/*}\x12\xa2\x01\n\nCreateRole\x12&.google.iam.admin.v1.CreateRoleRequest\x1a\x19.google.iam.admin.v1.Role\"Q\x82\xd3\xe4\x93\x02K\"\"/v1/{parent=organizations/*}/roles:\x01*Z\"\"\x1d/v1/{parent=projects/*}/roles:\x01*\x12\xa8\x01\n\nUpdateRole\x12&.google.iam.admin.v1.UpdateRoleRequest\x1a\x19.google.iam.admin.v1.Role\"W\x82\xd3\xe4\x93\x02Q2\"/v1/{name=organizations/*/roles/*}:\x04roleZ%2\x1d/v1/{name=projects/*/roles/*}:\x04role\x12\x9c\x01\n\nDeleteRole\x12&.google.iam.admin.v1.DeleteRoleRequest\x1a\x19.google.iam.admin.v1.Role\"K\x82\xd3\xe4\x93\x02\x45*\"/v1/{name=organizations/*/roles/*}Z\x1f*\x1d/v1/{name=projects/*/roles/*}\x12\xb8\x01\n\x0cUndeleteRole\x12(.google.iam.admin.v1.UndeleteRoleRequest\x1a\x19.google.iam.admin.v1.Role\"c\x82\xd3\xe4\x93\x02]\"+/v1/{name=organizations/*/roles/*}:undelete:\x01*Z+\"&/v1/{name=projects/*/roles/*}:undelete:\x01*\x12\xbc\x01\n\x18QueryTestablePermissions\x12\x34.google.iam.admin.v1.QueryTestablePermissionsRequest\x1a\x35.google.iam.admin.v1.QueryTestablePermissionsResponse\"3\x82\xd3\xe4\x93\x02-\"(/v1/permissions:queryTestablePermissions:\x01*\x1a\x46\xca\x41\x12iam.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformBb\n\x17\x63om.google.iam.admin.v1B\x08IamProtoP\x01Z8google.golang.org/genproto/googleapis/iam/admin/v1;admin\xf8\x01\x01\x62\x06proto3' , dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,google_dot_api_dot_client__pb2.DESCRIPTOR,google_dot_api_dot_field__behavior__pb2.DESCRIPTOR,google_dot_api_dot_resource__pb2.DESCRIPTOR,google_dot_iam_dot_v1_dot_iam__policy__pb2.DESCRIPTOR,google_dot_iam_dot_v1_dot_policy__pb2.DESCRIPTOR,google_dot_protobuf_dot_empty__pb2.DESCRIPTOR,google_dot_protobuf_dot_field__mask__pb2.DESCRIPTOR,google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR,]) _SERVICEACCOUNTKEYALGORITHM = _descriptor.EnumDescriptor( name='ServiceAccountKeyAlgorithm', full_name='google.iam.admin.v1.ServiceAccountKeyAlgorithm', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='KEY_ALG_UNSPECIFIED', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='KEY_ALG_RSA_1024', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='KEY_ALG_RSA_2048', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=4510, serialized_end=4607, ) _sym_db.RegisterEnumDescriptor(_SERVICEACCOUNTKEYALGORITHM) ServiceAccountKeyAlgorithm = enum_type_wrapper.EnumTypeWrapper(_SERVICEACCOUNTKEYALGORITHM) _SERVICEACCOUNTPRIVATEKEYTYPE = _descriptor.EnumDescriptor( name='ServiceAccountPrivateKeyType', full_name='google.iam.admin.v1.ServiceAccountPrivateKeyType', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='TYPE_UNSPECIFIED', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='TYPE_PKCS12_FILE', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='TYPE_GOOGLE_CREDENTIALS_FILE', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=4609, serialized_end=4717, ) _sym_db.RegisterEnumDescriptor(_SERVICEACCOUNTPRIVATEKEYTYPE) ServiceAccountPrivateKeyType = enum_type_wrapper.EnumTypeWrapper(_SERVICEACCOUNTPRIVATEKEYTYPE) _SERVICEACCOUNTPUBLICKEYTYPE = _descriptor.EnumDescriptor( name='ServiceAccountPublicKeyType', full_name='google.iam.admin.v1.ServiceAccountPublicKeyType', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='TYPE_NONE', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='TYPE_X509_PEM_FILE', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='TYPE_RAW_PUBLIC_KEY', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=4719, serialized_end=4812, ) _sym_db.RegisterEnumDescriptor(_SERVICEACCOUNTPUBLICKEYTYPE) ServiceAccountPublicKeyType = enum_type_wrapper.EnumTypeWrapper(_SERVICEACCOUNTPUBLICKEYTYPE) _ROLEVIEW = _descriptor.EnumDescriptor( name='RoleView', full_name='google.iam.admin.v1.RoleView', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='BASIC', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='FULL', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=4814, serialized_end=4845, ) _sym_db.RegisterEnumDescriptor(_ROLEVIEW) RoleView = enum_type_wrapper.EnumTypeWrapper(_ROLEVIEW) KEY_ALG_UNSPECIFIED = 0 KEY_ALG_RSA_1024 = 1 KEY_ALG_RSA_2048 = 2 TYPE_UNSPECIFIED = 0 TYPE_PKCS12_FILE = 1 TYPE_GOOGLE_CREDENTIALS_FILE = 2 TYPE_NONE = 0 TYPE_X509_PEM_FILE = 1 TYPE_RAW_PUBLIC_KEY = 2 BASIC = 0 FULL = 1 _LISTSERVICEACCOUNTKEYSREQUEST_KEYTYPE = _descriptor.EnumDescriptor( name='KeyType', full_name='google.iam.admin.v1.ListServiceAccountKeysRequest.KeyType', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='KEY_TYPE_UNSPECIFIED', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='USER_MANAGED', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='SYSTEM_MANAGED', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=1357, serialized_end=1430, ) _sym_db.RegisterEnumDescriptor(_LISTSERVICEACCOUNTKEYSREQUEST_KEYTYPE) _ROLE_ROLELAUNCHSTAGE = _descriptor.EnumDescriptor( name='RoleLaunchStage', full_name='google.iam.admin.v1.Role.RoleLaunchStage', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='ALPHA', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='BETA', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='GA', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='DEPRECATED', index=3, number=4, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='DISABLED', index=4, number=5, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='EAP', index=5, number=6, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=2922, serialized_end=3007, ) _sym_db.RegisterEnumDescriptor(_ROLE_ROLELAUNCHSTAGE) _PERMISSION_PERMISSIONLAUNCHSTAGE = _descriptor.EnumDescriptor( name='PermissionLaunchStage', full_name='google.iam.admin.v1.Permission.PermissionLaunchStage', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='ALPHA', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='BETA', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='GA', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='DEPRECATED', index=3, number=3, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=4149, serialized_end=4217, ) _sym_db.RegisterEnumDescriptor(_PERMISSION_PERMISSIONLAUNCHSTAGE) _PERMISSION_CUSTOMROLESSUPPORTLEVEL = _descriptor.EnumDescriptor( name='CustomRolesSupportLevel', full_name='google.iam.admin.v1.Permission.CustomRolesSupportLevel', filename=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key, values=[ _descriptor.EnumValueDescriptor( name='SUPPORTED', index=0, number=0, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='TESTING', index=1, number=1, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), _descriptor.EnumValueDescriptor( name='NOT_SUPPORTED', index=2, number=2, serialized_options=None, type=None, create_key=_descriptor._internal_create_key), ], containing_type=None, serialized_options=None, serialized_start=4219, serialized_end=4291, ) _sym_db.RegisterEnumDescriptor(_PERMISSION_CUSTOMROLESSUPPORTLEVEL) _SERVICEACCOUNT = _descriptor.Descriptor( name='ServiceAccount', full_name='google.iam.admin.v1.ServiceAccount', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.ServiceAccount.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='project_id', full_name='google.iam.admin.v1.ServiceAccount.project_id', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='unique_id', full_name='google.iam.admin.v1.ServiceAccount.unique_id', index=2, number=4, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='email', full_name='google.iam.admin.v1.ServiceAccount.email', index=3, number=5, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='display_name', full_name='google.iam.admin.v1.ServiceAccount.display_name', index=4, number=6, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='etag', full_name='google.iam.admin.v1.ServiceAccount.etag', index=5, number=7, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='oauth2_client_id', full_name='google.iam.admin.v1.ServiceAccount.oauth2_client_id', index=6, number=9, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=b'\352AY\n!iam.googleapis.com/ServiceAccount\0224projects/{project}/serviceAccounts/{service_account}', is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=338, serialized_end=578, ) _CREATESERVICEACCOUNTREQUEST = _descriptor.Descriptor( name='CreateServiceAccountRequest', full_name='google.iam.admin.v1.CreateServiceAccountRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.CreateServiceAccountRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A-\n+cloudresourcemanager.googleapis.com/Project', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='account_id', full_name='google.iam.admin.v1.CreateServiceAccountRequest.account_id', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='service_account', full_name='google.iam.admin.v1.CreateServiceAccountRequest.service_account', index=2, number=3, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=581, serialized_end=764, ) _LISTSERVICEACCOUNTSREQUEST = _descriptor.Descriptor( name='ListServiceAccountsRequest', full_name='google.iam.admin.v1.ListServiceAccountsRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.ListServiceAccountsRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A-\n+cloudresourcemanager.googleapis.com/Project', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_size', full_name='google.iam.admin.v1.ListServiceAccountsRequest.page_size', index=1, number=2, type=5, cpp_type=1, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_token', full_name='google.iam.admin.v1.ListServiceAccountsRequest.page_token', index=2, number=3, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=767, serialized_end=901, ) _LISTSERVICEACCOUNTSRESPONSE = _descriptor.Descriptor( name='ListServiceAccountsResponse', full_name='google.iam.admin.v1.ListServiceAccountsResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='accounts', full_name='google.iam.admin.v1.ListServiceAccountsResponse.accounts', index=0, number=1, type=11, cpp_type=10, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='next_page_token', full_name='google.iam.admin.v1.ListServiceAccountsResponse.next_page_token', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=903, serialized_end=1012, ) _GETSERVICEACCOUNTREQUEST = _descriptor.Descriptor( name='GetServiceAccountRequest', full_name='google.iam.admin.v1.GetServiceAccountRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.GetServiceAccountRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A#\n!iam.googleapis.com/ServiceAccount', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=1014, serialized_end=1097, ) _DELETESERVICEACCOUNTREQUEST = _descriptor.Descriptor( name='DeleteServiceAccountRequest', full_name='google.iam.admin.v1.DeleteServiceAccountRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.DeleteServiceAccountRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A#\n!iam.googleapis.com/ServiceAccount', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=1099, serialized_end=1185, ) _LISTSERVICEACCOUNTKEYSREQUEST = _descriptor.Descriptor( name='ListServiceAccountKeysRequest', full_name='google.iam.admin.v1.ListServiceAccountKeysRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.ListServiceAccountKeysRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A#\n!iam.googleapis.com/ServiceAccount', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='key_types', full_name='google.iam.admin.v1.ListServiceAccountKeysRequest.key_types', index=1, number=2, type=14, cpp_type=8, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ _LISTSERVICEACCOUNTKEYSREQUEST_KEYTYPE, ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=1188, serialized_end=1430, ) _LISTSERVICEACCOUNTKEYSRESPONSE = _descriptor.Descriptor( name='ListServiceAccountKeysResponse', full_name='google.iam.admin.v1.ListServiceAccountKeysResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='keys', full_name='google.iam.admin.v1.ListServiceAccountKeysResponse.keys', index=0, number=1, type=11, cpp_type=10, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=1432, serialized_end=1518, ) _GETSERVICEACCOUNTKEYREQUEST = _descriptor.Descriptor( name='GetServiceAccountKeyRequest', full_name='google.iam.admin.v1.GetServiceAccountKeyRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.GetServiceAccountKeyRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A\030\n\026iam.googleapis.com/Key', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='public_key_type', full_name='google.iam.admin.v1.GetServiceAccountKeyRequest.public_key_type', index=1, number=2, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=1521, serialized_end=1671, ) _SERVICEACCOUNTKEY = _descriptor.Descriptor( name='ServiceAccountKey', full_name='google.iam.admin.v1.ServiceAccountKey', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.ServiceAccountKey.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='private_key_type', full_name='google.iam.admin.v1.ServiceAccountKey.private_key_type', index=1, number=2, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='key_algorithm', full_name='google.iam.admin.v1.ServiceAccountKey.key_algorithm', index=2, number=8, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='private_key_data', full_name='google.iam.admin.v1.ServiceAccountKey.private_key_data', index=3, number=3, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='public_key_data', full_name='google.iam.admin.v1.ServiceAccountKey.public_key_data', index=4, number=7, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='valid_after_time', full_name='google.iam.admin.v1.ServiceAccountKey.valid_after_time', index=5, number=4, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='valid_before_time', full_name='google.iam.admin.v1.ServiceAccountKey.valid_before_time', index=6, number=5, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=b'\352AY\n\026iam.googleapis.com/Key\022?projects/{project}/serviceAccounts/{service_account}/keys/{key}', is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=1674, serialized_end=2110, ) _CREATESERVICEACCOUNTKEYREQUEST = _descriptor.Descriptor( name='CreateServiceAccountKeyRequest', full_name='google.iam.admin.v1.CreateServiceAccountKeyRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.CreateServiceAccountKeyRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A#\n!iam.googleapis.com/ServiceAccount', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='private_key_type', full_name='google.iam.admin.v1.CreateServiceAccountKeyRequest.private_key_type', index=1, number=2, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='key_algorithm', full_name='google.iam.admin.v1.CreateServiceAccountKeyRequest.key_algorithm', index=2, number=3, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2113, serialized_end=2351, ) _DELETESERVICEACCOUNTKEYREQUEST = _descriptor.Descriptor( name='DeleteServiceAccountKeyRequest', full_name='google.iam.admin.v1.DeleteServiceAccountKeyRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.DeleteServiceAccountKeyRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A\030\n\026iam.googleapis.com/Key', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2353, serialized_end=2431, ) _SIGNBLOBREQUEST = _descriptor.Descriptor( name='SignBlobRequest', full_name='google.iam.admin.v1.SignBlobRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.SignBlobRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A#\n!iam.googleapis.com/ServiceAccount', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='bytes_to_sign', full_name='google.iam.admin.v1.SignBlobRequest.bytes_to_sign', index=1, number=2, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2433, serialized_end=2535, ) _SIGNBLOBRESPONSE = _descriptor.Descriptor( name='SignBlobResponse', full_name='google.iam.admin.v1.SignBlobResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='key_id', full_name='google.iam.admin.v1.SignBlobResponse.key_id', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='signature', full_name='google.iam.admin.v1.SignBlobResponse.signature', index=1, number=2, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2537, serialized_end=2590, ) _SIGNJWTREQUEST = _descriptor.Descriptor( name='SignJwtRequest', full_name='google.iam.admin.v1.SignJwtRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.SignJwtRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002\372A#\n!iam.googleapis.com/ServiceAccount', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='payload', full_name='google.iam.admin.v1.SignJwtRequest.payload', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2592, serialized_end=2687, ) _SIGNJWTRESPONSE = _descriptor.Descriptor( name='SignJwtResponse', full_name='google.iam.admin.v1.SignJwtResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='key_id', full_name='google.iam.admin.v1.SignJwtResponse.key_id', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='signed_jwt', full_name='google.iam.admin.v1.SignJwtResponse.signed_jwt', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2689, serialized_end=2742, ) _ROLE = _descriptor.Descriptor( name='Role', full_name='google.iam.admin.v1.Role', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.Role.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='title', full_name='google.iam.admin.v1.Role.title', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='description', full_name='google.iam.admin.v1.Role.description', index=2, number=3, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='included_permissions', full_name='google.iam.admin.v1.Role.included_permissions', index=3, number=7, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='stage', full_name='google.iam.admin.v1.Role.stage', index=4, number=8, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='etag', full_name='google.iam.admin.v1.Role.etag', index=5, number=9, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='deleted', full_name='google.iam.admin.v1.Role.deleted', index=6, number=11, type=8, cpp_type=7, label=1, has_default_value=False, default_value=False, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ _ROLE_ROLELAUNCHSTAGE, ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=2745, serialized_end=3007, ) _QUERYGRANTABLEROLESREQUEST = _descriptor.Descriptor( name='QueryGrantableRolesRequest', full_name='google.iam.admin.v1.QueryGrantableRolesRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='full_resource_name', full_name='google.iam.admin.v1.QueryGrantableRolesRequest.full_resource_name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\340A\002', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='view', full_name='google.iam.admin.v1.QueryGrantableRolesRequest.view', index=1, number=2, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_size', full_name='google.iam.admin.v1.QueryGrantableRolesRequest.page_size', index=2, number=3, type=5, cpp_type=1, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_token', full_name='google.iam.admin.v1.QueryGrantableRolesRequest.page_token', index=3, number=4, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3010, serialized_end=3155, ) _QUERYGRANTABLEROLESRESPONSE = _descriptor.Descriptor( name='QueryGrantableRolesResponse', full_name='google.iam.admin.v1.QueryGrantableRolesResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='roles', full_name='google.iam.admin.v1.QueryGrantableRolesResponse.roles', index=0, number=1, type=11, cpp_type=10, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='next_page_token', full_name='google.iam.admin.v1.QueryGrantableRolesResponse.next_page_token', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3157, serialized_end=3253, ) _LISTROLESREQUEST = _descriptor.Descriptor( name='ListRolesRequest', full_name='google.iam.admin.v1.ListRolesRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='parent', full_name='google.iam.admin.v1.ListRolesRequest.parent', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\372A\003\n\001*', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_size', full_name='google.iam.admin.v1.ListRolesRequest.page_size', index=1, number=2, type=5, cpp_type=1, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_token', full_name='google.iam.admin.v1.ListRolesRequest.page_token', index=2, number=3, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='view', full_name='google.iam.admin.v1.ListRolesRequest.view', index=3, number=4, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='show_deleted', full_name='google.iam.admin.v1.ListRolesRequest.show_deleted', index=4, number=6, type=8, cpp_type=7, label=1, has_default_value=False, default_value=False, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3256, serialized_end=3404, ) _LISTROLESRESPONSE = _descriptor.Descriptor( name='ListRolesResponse', full_name='google.iam.admin.v1.ListRolesResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='roles', full_name='google.iam.admin.v1.ListRolesResponse.roles', index=0, number=1, type=11, cpp_type=10, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='next_page_token', full_name='google.iam.admin.v1.ListRolesResponse.next_page_token', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3406, serialized_end=3492, ) _GETROLEREQUEST = _descriptor.Descriptor( name='GetRoleRequest', full_name='google.iam.admin.v1.GetRoleRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.GetRoleRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\372A\003\n\001*', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3494, serialized_end=3532, ) _CREATEROLEREQUEST = _descriptor.Descriptor( name='CreateRoleRequest', full_name='google.iam.admin.v1.CreateRoleRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='parent', full_name='google.iam.admin.v1.CreateRoleRequest.parent', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\372A\003\n\001*', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='role_id', full_name='google.iam.admin.v1.CreateRoleRequest.role_id', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='role', full_name='google.iam.admin.v1.CreateRoleRequest.role', index=2, number=3, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3534, serialized_end=3635, ) _UPDATEROLEREQUEST = _descriptor.Descriptor( name='UpdateRoleRequest', full_name='google.iam.admin.v1.UpdateRoleRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.UpdateRoleRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\372A\003\n\001*', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='role', full_name='google.iam.admin.v1.UpdateRoleRequest.role', index=1, number=2, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='update_mask', full_name='google.iam.admin.v1.UpdateRoleRequest.update_mask', index=2, number=3, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3638, serialized_end=3769, ) _DELETEROLEREQUEST = _descriptor.Descriptor( name='DeleteRoleRequest', full_name='google.iam.admin.v1.DeleteRoleRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.DeleteRoleRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\372A\003\n\001*', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='etag', full_name='google.iam.admin.v1.DeleteRoleRequest.etag', index=1, number=2, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3771, serialized_end=3826, ) _UNDELETEROLEREQUEST = _descriptor.Descriptor( name='UndeleteRoleRequest', full_name='google.iam.admin.v1.UndeleteRoleRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.UndeleteRoleRequest.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=b'\372A\003\n\001*', file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='etag', full_name='google.iam.admin.v1.UndeleteRoleRequest.etag', index=1, number=2, type=12, cpp_type=9, label=1, has_default_value=False, default_value=b"", message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3828, serialized_end=3885, ) _PERMISSION = _descriptor.Descriptor( name='Permission', full_name='google.iam.admin.v1.Permission', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='name', full_name='google.iam.admin.v1.Permission.name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='title', full_name='google.iam.admin.v1.Permission.title', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='description', full_name='google.iam.admin.v1.Permission.description', index=2, number=3, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='only_in_predefined_roles', full_name='google.iam.admin.v1.Permission.only_in_predefined_roles', index=3, number=4, type=8, cpp_type=7, label=1, has_default_value=False, default_value=False, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='stage', full_name='google.iam.admin.v1.Permission.stage', index=4, number=5, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='custom_roles_support_level', full_name='google.iam.admin.v1.Permission.custom_roles_support_level', index=5, number=6, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ _PERMISSION_PERMISSIONLAUNCHSTAGE, _PERMISSION_CUSTOMROLESSUPPORTLEVEL, ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=3888, serialized_end=4291, ) _QUERYTESTABLEPERMISSIONSREQUEST = _descriptor.Descriptor( name='QueryTestablePermissionsRequest', full_name='google.iam.admin.v1.QueryTestablePermissionsRequest', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='full_resource_name', full_name='google.iam.admin.v1.QueryTestablePermissionsRequest.full_resource_name', index=0, number=1, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_size', full_name='google.iam.admin.v1.QueryTestablePermissionsRequest.page_size', index=1, number=2, type=5, cpp_type=1, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='page_token', full_name='google.iam.admin.v1.QueryTestablePermissionsRequest.page_token', index=2, number=3, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=4293, serialized_end=4393, ) _QUERYTESTABLEPERMISSIONSRESPONSE = _descriptor.Descriptor( name='QueryTestablePermissionsResponse', full_name='google.iam.admin.v1.QueryTestablePermissionsResponse', filename=None, file=DESCRIPTOR, containing_type=None, create_key=_descriptor._internal_create_key, fields=[ _descriptor.FieldDescriptor( name='permissions', full_name='google.iam.admin.v1.QueryTestablePermissionsResponse.permissions', index=0, number=1, type=11, cpp_type=10, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), _descriptor.FieldDescriptor( name='next_page_token', full_name='google.iam.admin.v1.QueryTestablePermissionsResponse.next_page_token', index=1, number=2, type=9, cpp_type=9, label=1, has_default_value=False, default_value=b"".decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key), ], extensions=[ ], nested_types=[], enum_types=[ ], serialized_options=None, is_extendable=False, syntax='proto3', extension_ranges=[], oneofs=[ ], serialized_start=4395, serialized_end=4508, ) _CREATESERVICEACCOUNTREQUEST.fields_by_name['service_account'].message_type = _SERVICEACCOUNT _LISTSERVICEACCOUNTSRESPONSE.fields_by_name['accounts'].message_type = _SERVICEACCOUNT _LISTSERVICEACCOUNTKEYSREQUEST.fields_by_name['key_types'].enum_type = _LISTSERVICEACCOUNTKEYSREQUEST_KEYTYPE _LISTSERVICEACCOUNTKEYSREQUEST_KEYTYPE.containing_type = _LISTSERVICEACCOUNTKEYSREQUEST _LISTSERVICEACCOUNTKEYSRESPONSE.fields_by_name['keys'].message_type = _SERVICEACCOUNTKEY _GETSERVICEACCOUNTKEYREQUEST.fields_by_name['public_key_type'].enum_type = _SERVICEACCOUNTPUBLICKEYTYPE _SERVICEACCOUNTKEY.fields_by_name['private_key_type'].enum_type = _SERVICEACCOUNTPRIVATEKEYTYPE _SERVICEACCOUNTKEY.fields_by_name['key_algorithm'].enum_type = _SERVICEACCOUNTKEYALGORITHM _SERVICEACCOUNTKEY.fields_by_name['valid_after_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP _SERVICEACCOUNTKEY.fields_by_name['valid_before_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP _CREATESERVICEACCOUNTKEYREQUEST.fields_by_name['private_key_type'].enum_type = _SERVICEACCOUNTPRIVATEKEYTYPE _CREATESERVICEACCOUNTKEYREQUEST.fields_by_name['key_algorithm'].enum_type = _SERVICEACCOUNTKEYALGORITHM _ROLE.fields_by_name['stage'].enum_type = _ROLE_ROLELAUNCHSTAGE _ROLE_ROLELAUNCHSTAGE.containing_type = _ROLE _QUERYGRANTABLEROLESREQUEST.fields_by_name['view'].enum_type = _ROLEVIEW _QUERYGRANTABLEROLESRESPONSE.fields_by_name['roles'].message_type = _ROLE _LISTROLESREQUEST.fields_by_name['view'].enum_type = _ROLEVIEW _LISTROLESRESPONSE.fields_by_name['roles'].message_type = _ROLE _CREATEROLEREQUEST.fields_by_name['role'].message_type = _ROLE _UPDATEROLEREQUEST.fields_by_name['role'].message_type = _ROLE _UPDATEROLEREQUEST.fields_by_name['update_mask'].message_type = google_dot_protobuf_dot_field__mask__pb2._FIELDMASK _PERMISSION.fields_by_name['stage'].enum_type = _PERMISSION_PERMISSIONLAUNCHSTAGE _PERMISSION.fields_by_name['custom_roles_support_level'].enum_type = _PERMISSION_CUSTOMROLESSUPPORTLEVEL _PERMISSION_PERMISSIONLAUNCHSTAGE.containing_type = _PERMISSION _PERMISSION_CUSTOMROLESSUPPORTLEVEL.containing_type = _PERMISSION _QUERYTESTABLEPERMISSIONSRESPONSE.fields_by_name['permissions'].message_type = _PERMISSION DESCRIPTOR.message_types_by_name['ServiceAccount'] = _SERVICEACCOUNT DESCRIPTOR.message_types_by_name['CreateServiceAccountRequest'] = _CREATESERVICEACCOUNTREQUEST DESCRIPTOR.message_types_by_name['ListServiceAccountsRequest'] = _LISTSERVICEACCOUNTSREQUEST DESCRIPTOR.message_types_by_name['ListServiceAccountsResponse'] = _LISTSERVICEACCOUNTSRESPONSE DESCRIPTOR.message_types_by_name['GetServiceAccountRequest'] = _GETSERVICEACCOUNTREQUEST DESCRIPTOR.message_types_by_name['DeleteServiceAccountRequest'] = _DELETESERVICEACCOUNTREQUEST DESCRIPTOR.message_types_by_name['ListServiceAccountKeysRequest'] = _LISTSERVICEACCOUNTKEYSREQUEST DESCRIPTOR.message_types_by_name['ListServiceAccountKeysResponse'] = _LISTSERVICEACCOUNTKEYSRESPONSE DESCRIPTOR.message_types_by_name['GetServiceAccountKeyRequest'] = _GETSERVICEACCOUNTKEYREQUEST DESCRIPTOR.message_types_by_name['ServiceAccountKey'] = _SERVICEACCOUNTKEY DESCRIPTOR.message_types_by_name['CreateServiceAccountKeyRequest'] = _CREATESERVICEACCOUNTKEYREQUEST DESCRIPTOR.message_types_by_name['DeleteServiceAccountKeyRequest'] = _DELETESERVICEACCOUNTKEYREQUEST DESCRIPTOR.message_types_by_name['SignBlobRequest'] = _SIGNBLOBREQUEST DESCRIPTOR.message_types_by_name['SignBlobResponse'] = _SIGNBLOBRESPONSE DESCRIPTOR.message_types_by_name['SignJwtRequest'] = _SIGNJWTREQUEST DESCRIPTOR.message_types_by_name['SignJwtResponse'] = _SIGNJWTRESPONSE DESCRIPTOR.message_types_by_name['Role'] = _ROLE DESCRIPTOR.message_types_by_name['QueryGrantableRolesRequest'] = _QUERYGRANTABLEROLESREQUEST DESCRIPTOR.message_types_by_name['QueryGrantableRolesResponse'] = _QUERYGRANTABLEROLESRESPONSE DESCRIPTOR.message_types_by_name['ListRolesRequest'] = _LISTROLESREQUEST DESCRIPTOR.message_types_by_name['ListRolesResponse'] = _LISTROLESRESPONSE DESCRIPTOR.message_types_by_name['GetRoleRequest'] = _GETROLEREQUEST DESCRIPTOR.message_types_by_name['CreateRoleRequest'] = _CREATEROLEREQUEST DESCRIPTOR.message_types_by_name['UpdateRoleRequest'] = _UPDATEROLEREQUEST DESCRIPTOR.message_types_by_name['DeleteRoleRequest'] = _DELETEROLEREQUEST DESCRIPTOR.message_types_by_name['UndeleteRoleRequest'] = _UNDELETEROLEREQUEST DESCRIPTOR.message_types_by_name['Permission'] = _PERMISSION DESCRIPTOR.message_types_by_name['QueryTestablePermissionsRequest'] = _QUERYTESTABLEPERMISSIONSREQUEST DESCRIPTOR.message_types_by_name['QueryTestablePermissionsResponse'] = _QUERYTESTABLEPERMISSIONSRESPONSE DESCRIPTOR.enum_types_by_name['ServiceAccountKeyAlgorithm'] = _SERVICEACCOUNTKEYALGORITHM DESCRIPTOR.enum_types_by_name['ServiceAccountPrivateKeyType'] = _SERVICEACCOUNTPRIVATEKEYTYPE DESCRIPTOR.enum_types_by_name['ServiceAccountPublicKeyType'] = _SERVICEACCOUNTPUBLICKEYTYPE DESCRIPTOR.enum_types_by_name['RoleView'] = _ROLEVIEW _sym_db.RegisterFileDescriptor(DESCRIPTOR) ServiceAccount = _reflection.GeneratedProtocolMessageType('ServiceAccount', (_message.Message,), { 'DESCRIPTOR' : _SERVICEACCOUNT, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """A service account in the Identity and Access Management API. To create a service account, specify the ``project_id`` and the ``account_id`` for the account. The ``account_id`` is unique within the project, and is used to generate the service account email address and a stable ``unique_id``. If the account already exists, the account’s resource name is returned in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller can use the name in other methods to access the account. All other methods can identify the service account using the format ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. Attributes: name: The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Requests using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the ``account`` and the ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. In responses the resource name will always be in the format ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. project_id: @OutputOnly The id of the project that owns the service account. unique_id: @OutputOnly The unique and stable id of the service account. email: @OutputOnly The email address of the service account. display_name: Optional. A user-specified name for the service account. Must be less than or equal to 100 UTF-8 bytes. etag: Optional. Note: ``etag`` is an inoperable legacy field that is only returned for backwards compatibility. oauth2_client_id: @OutputOnly. The OAuth2 client id for the service account. This is used in conjunction with the OAuth2 clientconfig API to make three legged OAuth2 (3LO) flows to access the data of Google users. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ServiceAccount) }) _sym_db.RegisterMessage(ServiceAccount) CreateServiceAccountRequest = _reflection.GeneratedProtocolMessageType('CreateServiceAccountRequest', (_message.Message,), { 'DESCRIPTOR' : _CREATESERVICEACCOUNTREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account create request. Attributes: name: Required. The resource name of the project associated with the service accounts, such as ``projects/my-project-123``. account_id: Required. The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression ``[a-z]([-a-z0-9]*[a-z0-9])`` to comply with RFC1035. service_account: The [ServiceAccount][google.iam.admin.v1.ServiceAccount] resource to create. Currently, only the following values are user assignable: ``display_name`` and ``description``. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.CreateServiceAccountRequest) }) _sym_db.RegisterMessage(CreateServiceAccountRequest) ListServiceAccountsRequest = _reflection.GeneratedProtocolMessageType('ListServiceAccountsRequest', (_message.Message,), { 'DESCRIPTOR' : _LISTSERVICEACCOUNTSREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account list request. Attributes: name: Required. The resource name of the project associated with the service accounts, such as ``projects/my-project-123``. page_size: Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the [ListServiceAccountsResponse.next_page_token][go ogle.iam.admin.v1.ListServiceAccountsResponse.next_page_token] in a subsequent request. page_token: Optional pagination token returned in an earlier [ListServiceA ccountsResponse.next_page_token][google.iam.admin.v1.ListServi ceAccountsResponse.next_page_token]. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ListServiceAccountsRequest) }) _sym_db.RegisterMessage(ListServiceAccountsRequest) ListServiceAccountsResponse = _reflection.GeneratedProtocolMessageType('ListServiceAccountsResponse', (_message.Message,), { 'DESCRIPTOR' : _LISTSERVICEACCOUNTSRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account list response. Attributes: accounts: The list of matching service accounts. next_page_token: To retrieve the next page of results, set [ListServiceAccounts Request.page_token][google.iam.admin.v1.ListServiceAccountsReq uest.page_token] to this value. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ListServiceAccountsResponse) }) _sym_db.RegisterMessage(ListServiceAccountsResponse) GetServiceAccountRequest = _reflection.GeneratedProtocolMessageType('GetServiceAccountRequest', (_message.Message,), { 'DESCRIPTOR' : _GETSERVICEACCOUNTREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account get request. Attributes: name: Required. The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.GetServiceAccountRequest) }) _sym_db.RegisterMessage(GetServiceAccountRequest) DeleteServiceAccountRequest = _reflection.GeneratedProtocolMessageType('DeleteServiceAccountRequest', (_message.Message,), { 'DESCRIPTOR' : _DELETESERVICEACCOUNTREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account delete request. Attributes: name: Required. The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.DeleteServiceAccountRequest) }) _sym_db.RegisterMessage(DeleteServiceAccountRequest) ListServiceAccountKeysRequest = _reflection.GeneratedProtocolMessageType('ListServiceAccountKeysRequest', (_message.Message,), { 'DESCRIPTOR' : _LISTSERVICEACCOUNTKEYSREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account keys list request. Attributes: name: Required. The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID``, will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. key_types: Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ListServiceAccountKeysRequest) }) _sym_db.RegisterMessage(ListServiceAccountKeysRequest) ListServiceAccountKeysResponse = _reflection.GeneratedProtocolMessageType('ListServiceAccountKeysResponse', (_message.Message,), { 'DESCRIPTOR' : _LISTSERVICEACCOUNTKEYSRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account keys list response. Attributes: keys: The public keys for the service account. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ListServiceAccountKeysResponse) }) _sym_db.RegisterMessage(ListServiceAccountKeysResponse) GetServiceAccountKeyRequest = _reflection.GeneratedProtocolMessageType('GetServiceAccountKeyRequest', (_message.Message,), { 'DESCRIPTOR' : _GETSERVICEACCOUNTKEYREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account key get by id request. Attributes: name: Required. The resource name of the service account key in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACC OUNT}/keys/{key}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. public_key_type: The output format of the public key requested. X509_PEM is the default output format. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.GetServiceAccountKeyRequest) }) _sym_db.RegisterMessage(GetServiceAccountKeyRequest) ServiceAccountKey = _reflection.GeneratedProtocolMessageType('ServiceAccountKey', (_message.Message,), { 'DESCRIPTOR' : _SERVICEACCOUNTKEY, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key’s lifetime. We recommend caching the public key set for a service account for no more than 24 hours to ensure you have access to the latest keys. Public keys for all service accounts are also published at the OAuth2 Service Account API. Attributes: name: The resource name of the service account key in the following format ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/ {key}``. private_key_type: The output format for the private key. Only provided in ``CreateServiceAccountKey`` responses, not in ``GetServiceAccountKey`` or ``ListServiceAccountKey`` responses. Google never exposes system-managed private keys, and never retains user-managed private keys. key_algorithm: Specifies the algorithm (and possibly key size) for the key. private_key_data: The private key data. Only provided in ``CreateServiceAccountKey`` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account. public_key_data: The public key data. Only provided in ``GetServiceAccountKey`` responses. valid_after_time: The key can be used after this timestamp. valid_before_time: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ServiceAccountKey) }) _sym_db.RegisterMessage(ServiceAccountKey) CreateServiceAccountKeyRequest = _reflection.GeneratedProtocolMessageType('CreateServiceAccountKeyRequest', (_message.Message,), { 'DESCRIPTOR' : _CREATESERVICEACCOUNTKEYREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account key create request. Attributes: name: Required. The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. private_key_type: The output format of the private key. The default value is ``TYPE_GOOGLE_CREDENTIALS_FILE``, which is the Google Credentials File format. key_algorithm: Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.CreateServiceAccountKeyRequest) }) _sym_db.RegisterMessage(CreateServiceAccountKeyRequest) DeleteServiceAccountKeyRequest = _reflection.GeneratedProtocolMessageType('DeleteServiceAccountKeyRequest', (_message.Message,), { 'DESCRIPTOR' : _DELETESERVICEACCOUNTKEYREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account key delete request. Attributes: name: Required. The resource name of the service account key in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACC OUNT}/keys/{key}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.DeleteServiceAccountKeyRequest) }) _sym_db.RegisterMessage(DeleteServiceAccountKeyRequest) SignBlobRequest = _reflection.GeneratedProtocolMessageType('SignBlobRequest', (_message.Message,), { 'DESCRIPTOR' : _SIGNBLOBREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account sign blob request. Attributes: name: Required. The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. bytes_to_sign: Required. The bytes to sign. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.SignBlobRequest) }) _sym_db.RegisterMessage(SignBlobRequest) SignBlobResponse = _reflection.GeneratedProtocolMessageType('SignBlobResponse', (_message.Message,), { 'DESCRIPTOR' : _SIGNBLOBRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account sign blob response. Attributes: key_id: The id of the key used to sign the blob. signature: The signed blob. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.SignBlobResponse) }) _sym_db.RegisterMessage(SignBlobResponse) SignJwtRequest = _reflection.GeneratedProtocolMessageType('SignJwtRequest', (_message.Message,), { 'DESCRIPTOR' : _SIGNJWTREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account sign JWT request. Attributes: name: Required. The resource name of the service account in the following format: ``projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}``. Using ``-`` as a wildcard for the ``PROJECT_ID`` will infer the project from the account. The ``ACCOUNT`` value can be the ``email`` address or the ``unique_id`` of the service account. payload: Required. The JWT payload to sign, a JSON JWT Claim set. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.SignJwtRequest) }) _sym_db.RegisterMessage(SignJwtRequest) SignJwtResponse = _reflection.GeneratedProtocolMessageType('SignJwtResponse', (_message.Message,), { 'DESCRIPTOR' : _SIGNJWTRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The service account sign JWT response. Attributes: key_id: The id of the key used to sign the JWT. signed_jwt: The signed JWT. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.SignJwtResponse) }) _sym_db.RegisterMessage(SignJwtResponse) Role = _reflection.GeneratedProtocolMessageType('Role', (_message.Message,), { 'DESCRIPTOR' : _ROLE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """A role in the Identity and Access Management API. Attributes: name: The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. title: Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes. description: Optional. A human-readable description for the role. included_permissions: The names of the permissions this role grants when bound in an IAM policy. stage: The current launch stage of the role. If the ``ALPHA`` launch stage has been selected for a role, the ``stage`` field will not be included in the returned definition for the role. etag: Used to perform a consistent read-modify-write. deleted: The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.Role) }) _sym_db.RegisterMessage(Role) QueryGrantableRolesRequest = _reflection.GeneratedProtocolMessageType('QueryGrantableRolesRequest', (_message.Message,), { 'DESCRIPTOR' : _QUERYGRANTABLEROLESREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The grantable role query request. Attributes: full_resource_name: Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id ``my-project`` will be named ``//cloudresourcemanager.googleapis.com/projects/my-project``. page_size: Optional limit on the number of roles to include in the response. page_token: Optional pagination token returned in an earlier QueryGrantableRolesResponse. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.QueryGrantableRolesRequest) }) _sym_db.RegisterMessage(QueryGrantableRolesRequest) QueryGrantableRolesResponse = _reflection.GeneratedProtocolMessageType('QueryGrantableRolesResponse', (_message.Message,), { 'DESCRIPTOR' : _QUERYGRANTABLEROLESRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The grantable role query response. Attributes: roles: The list of matching roles. next_page_token: To retrieve the next page of results, set ``QueryGrantableRolesRequest.page_token`` to this value. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.QueryGrantableRolesResponse) }) _sym_db.RegisterMessage(QueryGrantableRolesResponse) ListRolesRequest = _reflection.GeneratedProtocolMessageType('ListRolesRequest', (_message.Message,), { 'DESCRIPTOR' : _LISTROLESREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The request to get all roles defined under a resource. Attributes: parent: The ``parent`` parameter’s value depends on the target resource for the request, namely ```roles`` `__, ```projects`` `__, or ```organizations`` `__. Each resource type’s ``parent`` value format is described below: - ```roles.list()`` `__: An empty string. This method doesn’t require a resource; it simply returns all `predefined roles `__ in Cloud IAM. Example request URL: ``https://iam.googleapis.com/v1/roles`` - ```projects.roles.list()`` `__: ``projects/{PROJECT_ID}``. This method lists all project-level `custom roles `__. Example request URL: ``https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`` - ```organizations.roles.list()`` `__: ``organizations/{ORGANIZATION_ID}``. This method lists all organization-level `custom roles `__. Example request URL: ``https://iam.google apis.com/v1/organizations/{ORGANIZATION_ID}/roles`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. page_size: Optional limit on the number of roles to include in the response. page_token: Optional pagination token returned in an earlier ListRolesResponse. view: Optional view for the returned Role objects. When ``FULL`` is specified, the ``includedPermissions`` field is returned, which includes a list of all permissions in the role. The default value is ``BASIC``, which does not return the ``includedPermissions`` field. show_deleted: Include Roles that have been deleted. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ListRolesRequest) }) _sym_db.RegisterMessage(ListRolesRequest) ListRolesResponse = _reflection.GeneratedProtocolMessageType('ListRolesResponse', (_message.Message,), { 'DESCRIPTOR' : _LISTROLESRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The response containing the roles defined under a resource. Attributes: roles: The Roles defined on this resource. next_page_token: To retrieve the next page of results, set ``ListRolesRequest.page_token`` to this value. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.ListRolesResponse) }) _sym_db.RegisterMessage(ListRolesResponse) GetRoleRequest = _reflection.GeneratedProtocolMessageType('GetRoleRequest', (_message.Message,), { 'DESCRIPTOR' : _GETROLEREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The request to get the definition of an existing role. Attributes: name: The ``name`` parameter’s value depends on the target resource for the request, namely ```roles`` `__, ```projects`` `__, or ```organizations`` `__. Each resource type’s ``name`` value format is described below: - ```roles.get()`` `__: ``roles/{ROLE_NAME}``. This method returns results from all `predefined roles `__ in Cloud IAM. Example request URL: ``https://iam.googleapis.com/v1/roles/{ROLE_NAME}`` - ```projects.roles.get()`` `__: ``projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}``. This method returns only `custom roles `__ that have been created at the project level. Example request URL: ``https://iam.googleapis.com/v1/projec ts/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`` - ```organizations.roles.get()`` `__: ``organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}``. This method returns only `custom roles `__ that have been created at the organization level. Example request URL: ``h ttps://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/r oles/{CUSTOM_ROLE_ID}`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.GetRoleRequest) }) _sym_db.RegisterMessage(GetRoleRequest) CreateRoleRequest = _reflection.GeneratedProtocolMessageType('CreateRoleRequest', (_message.Message,), { 'DESCRIPTOR' : _CREATEROLEREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The request to create a new role. Attributes: parent: The ``parent`` parameter’s value depends on the target resource for the request, namely ```projects`` `__ or ```organizations`` `__. Each resource type’s ``parent`` value format is described below: - ```projects.roles.create()`` `__: ``projects/{PROJECT_ID}``. This method creates project-level `custom roles `__. Example request URL: ``https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`` - ```organizations.roles.create()`` `__: ``organizations/{ORGANIZATION_ID}``. This method creates organization-level `custom roles `__. Example request URL: ``https://iam.google apis.com/v1/organizations/{ORGANIZATION_ID}/roles`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. role_id: The role ID to use for this role. role: The Role resource to create. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.CreateRoleRequest) }) _sym_db.RegisterMessage(CreateRoleRequest) UpdateRoleRequest = _reflection.GeneratedProtocolMessageType('UpdateRoleRequest', (_message.Message,), { 'DESCRIPTOR' : _UPDATEROLEREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The request to update a role. Attributes: name: The ``name`` parameter’s value depends on the target resource for the request, namely ```projects`` `__ or ```organizations`` `__. Each resource type’s ``name`` value format is described below: - ```projects.roles.patch()`` `__: ``projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}``. This method updates only `custom roles `__ that have been created at the project level. Example request URL: ``https://iam.googleapis.com/v1/projec ts/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`` - ```organizations.roles.patch()`` `__: ``organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}``. This method updates only `custom roles `__ that have been created at the organization level. Example request URL: ``h ttps://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/r oles/{CUSTOM_ROLE_ID}`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. role: The updated role. update_mask: A mask describing which fields in the Role have changed. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.UpdateRoleRequest) }) _sym_db.RegisterMessage(UpdateRoleRequest) DeleteRoleRequest = _reflection.GeneratedProtocolMessageType('DeleteRoleRequest', (_message.Message,), { 'DESCRIPTOR' : _DELETEROLEREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The request to delete an existing role. Attributes: name: The ``name`` parameter’s value depends on the target resource for the request, namely ```projects`` `__ or ```organizations`` `__. Each resource type’s ``name`` value format is described below: - ```projects.roles.delete()`` `__: ``projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}``. This method deletes only `custom roles `__ that have been created at the project level. Example request URL: ``https://iam.googleapis.com/v1/projec ts/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`` - ```organizations.roles.delete()`` `__: ``organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}``. This method deletes only `custom roles `__ that have been created at the organization level. Example request URL: ``h ttps://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/r oles/{CUSTOM_ROLE_ID}`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. etag: Used to perform a consistent read-modify-write. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.DeleteRoleRequest) }) _sym_db.RegisterMessage(DeleteRoleRequest) UndeleteRoleRequest = _reflection.GeneratedProtocolMessageType('UndeleteRoleRequest', (_message.Message,), { 'DESCRIPTOR' : _UNDELETEROLEREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The request to undelete an existing role. Attributes: name: The ``name`` parameter’s value depends on the target resource for the request, namely ```projects`` `__ or ```organizations`` `__. Each resource type’s ``name`` value format is described below: - ```projects.roles.undelete()`` `__: ``projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}``. This method undeletes only `custom roles `__ that have been created at the project level. Example request URL: ``https://iam.googleapis.com/v1 /projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`` - ```organizations.roles.undelete()`` `__: ``organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}``. This method undeletes only `custom roles `__ that have been created at the organization level. Example request URL: ``h ttps://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/r oles/{CUSTOM_ROLE_ID}`` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. etag: Used to perform a consistent read-modify-write. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.UndeleteRoleRequest) }) _sym_db.RegisterMessage(UndeleteRoleRequest) Permission = _reflection.GeneratedProtocolMessageType('Permission', (_message.Message,), { 'DESCRIPTOR' : _PERMISSION, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """A permission which can be included by a role. Attributes: name: The name of this Permission. title: The title of this Permission. description: A brief description of what this Permission is used for. This permission can ONLY be used in predefined roles. only_in_predefined_roles: This permission can ONLY be used in predefined roles. stage: The current launch stage of the permission. custom_roles_support_level: The current custom role support level. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.Permission) }) _sym_db.RegisterMessage(Permission) QueryTestablePermissionsRequest = _reflection.GeneratedProtocolMessageType('QueryTestablePermissionsRequest', (_message.Message,), { 'DESCRIPTOR' : _QUERYTESTABLEPERMISSIONSREQUEST, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """A request to get permissions which can be tested on a resource. Attributes: full_resource_name: Required. The full resource name to query from the list of testable permissions. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id ``my-project`` will be named ``//cloudresourcemanager.googleapis.com/projects/my-project``. page_size: Optional limit on the number of permissions to include in the response. page_token: Optional pagination token returned in an earlier QueryTestablePermissionsRequest. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.QueryTestablePermissionsRequest) }) _sym_db.RegisterMessage(QueryTestablePermissionsRequest) QueryTestablePermissionsResponse = _reflection.GeneratedProtocolMessageType('QueryTestablePermissionsResponse', (_message.Message,), { 'DESCRIPTOR' : _QUERYTESTABLEPERMISSIONSRESPONSE, '__module__' : 'google.cloud.iam_admin_v1.proto.iam_pb2' , '__doc__': """The response containing permissions which can be tested on a resource. Attributes: permissions: The Permissions testable on the requested resource. next_page_token: To retrieve the next page of results, set ``QueryTestableRolesRequest.page_token`` to this value. """, # @@protoc_insertion_point(class_scope:google.iam.admin.v1.QueryTestablePermissionsResponse) }) _sym_db.RegisterMessage(QueryTestablePermissionsResponse) DESCRIPTOR._options = None _SERVICEACCOUNT._options = None _CREATESERVICEACCOUNTREQUEST.fields_by_name['name']._options = None _CREATESERVICEACCOUNTREQUEST.fields_by_name['account_id']._options = None _LISTSERVICEACCOUNTSREQUEST.fields_by_name['name']._options = None _GETSERVICEACCOUNTREQUEST.fields_by_name['name']._options = None _DELETESERVICEACCOUNTREQUEST.fields_by_name['name']._options = None _LISTSERVICEACCOUNTKEYSREQUEST.fields_by_name['name']._options = None _GETSERVICEACCOUNTKEYREQUEST.fields_by_name['name']._options = None _SERVICEACCOUNTKEY._options = None _CREATESERVICEACCOUNTKEYREQUEST.fields_by_name['name']._options = None _DELETESERVICEACCOUNTKEYREQUEST.fields_by_name['name']._options = None _SIGNBLOBREQUEST.fields_by_name['name']._options = None _SIGNBLOBREQUEST.fields_by_name['bytes_to_sign']._options = None _SIGNJWTREQUEST.fields_by_name['name']._options = None _SIGNJWTREQUEST.fields_by_name['payload']._options = None _QUERYGRANTABLEROLESREQUEST.fields_by_name['full_resource_name']._options = None _LISTROLESREQUEST.fields_by_name['parent']._options = None _GETROLEREQUEST.fields_by_name['name']._options = None _CREATEROLEREQUEST.fields_by_name['parent']._options = None _UPDATEROLEREQUEST.fields_by_name['name']._options = None _DELETEROLEREQUEST.fields_by_name['name']._options = None _UNDELETEROLEREQUEST.fields_by_name['name']._options = None _IAM = _descriptor.ServiceDescriptor( name='IAM', full_name='google.iam.admin.v1.IAM', file=DESCRIPTOR, index=0, serialized_options=b'\312A\022iam.googleapis.com\322A.https://www.googleapis.com/auth/cloud-platform', create_key=_descriptor._internal_create_key, serialized_start=4848, serialized_end=8820, methods=[ _descriptor.MethodDescriptor( name='ListServiceAccounts', full_name='google.iam.admin.v1.IAM.ListServiceAccounts', index=0, containing_service=None, input_type=_LISTSERVICEACCOUNTSREQUEST, output_type=_LISTSERVICEACCOUNTSRESPONSE, serialized_options=b'\202\323\344\223\002\'\022%/v1/{name=projects/*}/serviceAccounts\332A\004name', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='GetServiceAccount', full_name='google.iam.admin.v1.IAM.GetServiceAccount', index=1, containing_service=None, input_type=_GETSERVICEACCOUNTREQUEST, output_type=_SERVICEACCOUNT, serialized_options=b'\202\323\344\223\002)\022\'/v1/{name=projects/*/serviceAccounts/*}\332A\004name', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='CreateServiceAccount', full_name='google.iam.admin.v1.IAM.CreateServiceAccount', index=2, containing_service=None, input_type=_CREATESERVICEACCOUNTREQUEST, output_type=_SERVICEACCOUNT, serialized_options=b'\202\323\344\223\002*\"%/v1/{name=projects/*}/serviceAccounts:\001*\332A\037name,account_id,service_account', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='UpdateServiceAccount', full_name='google.iam.admin.v1.IAM.UpdateServiceAccount', index=3, containing_service=None, input_type=_SERVICEACCOUNT, output_type=_SERVICEACCOUNT, serialized_options=b'\202\323\344\223\002,\032\'/v1/{name=projects/*/serviceAccounts/*}:\001*', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='DeleteServiceAccount', full_name='google.iam.admin.v1.IAM.DeleteServiceAccount', index=4, containing_service=None, input_type=_DELETESERVICEACCOUNTREQUEST, output_type=google_dot_protobuf_dot_empty__pb2._EMPTY, serialized_options=b'\202\323\344\223\002)*\'/v1/{name=projects/*/serviceAccounts/*}\332A\004name', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='ListServiceAccountKeys', full_name='google.iam.admin.v1.IAM.ListServiceAccountKeys', index=5, containing_service=None, input_type=_LISTSERVICEACCOUNTKEYSREQUEST, output_type=_LISTSERVICEACCOUNTKEYSRESPONSE, serialized_options=b'\202\323\344\223\002.\022,/v1/{name=projects/*/serviceAccounts/*}/keys\332A\016name,key_types', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='GetServiceAccountKey', full_name='google.iam.admin.v1.IAM.GetServiceAccountKey', index=6, containing_service=None, input_type=_GETSERVICEACCOUNTKEYREQUEST, output_type=_SERVICEACCOUNTKEY, serialized_options=b'\202\323\344\223\0020\022./v1/{name=projects/*/serviceAccounts/*/keys/*}\332A\024name,public_key_type', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='CreateServiceAccountKey', full_name='google.iam.admin.v1.IAM.CreateServiceAccountKey', index=7, containing_service=None, input_type=_CREATESERVICEACCOUNTKEYREQUEST, output_type=_SERVICEACCOUNTKEY, serialized_options=b'\202\323\344\223\0021\",/v1/{name=projects/*/serviceAccounts/*}/keys:\001*\332A#name,private_key_type,key_algorithm', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='DeleteServiceAccountKey', full_name='google.iam.admin.v1.IAM.DeleteServiceAccountKey', index=8, containing_service=None, input_type=_DELETESERVICEACCOUNTKEYREQUEST, output_type=google_dot_protobuf_dot_empty__pb2._EMPTY, serialized_options=b'\202\323\344\223\0020*./v1/{name=projects/*/serviceAccounts/*/keys/*}\332A\004name', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='SignBlob', full_name='google.iam.admin.v1.IAM.SignBlob', index=9, containing_service=None, input_type=_SIGNBLOBREQUEST, output_type=_SIGNBLOBRESPONSE, serialized_options=b'\202\323\344\223\0025\"0/v1/{name=projects/*/serviceAccounts/*}:signBlob:\001*\332A\022name,bytes_to_sign', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='SignJwt', full_name='google.iam.admin.v1.IAM.SignJwt', index=10, containing_service=None, input_type=_SIGNJWTREQUEST, output_type=_SIGNJWTRESPONSE, serialized_options=b'\202\323\344\223\0024\"//v1/{name=projects/*/serviceAccounts/*}:signJwt:\001*\332A\014name,payload', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='GetIamPolicy', full_name='google.iam.admin.v1.IAM.GetIamPolicy', index=11, containing_service=None, input_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._GETIAMPOLICYREQUEST, output_type=google_dot_iam_dot_v1_dot_policy__pb2._POLICY, serialized_options=b'\202\323\344\223\002:\"8/v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy\332A\010resource', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='SetIamPolicy', full_name='google.iam.admin.v1.IAM.SetIamPolicy', index=12, containing_service=None, input_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._SETIAMPOLICYREQUEST, output_type=google_dot_iam_dot_v1_dot_policy__pb2._POLICY, serialized_options=b'\202\323\344\223\002=\"8/v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy:\001*\332A\017resource,policy', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='TestIamPermissions', full_name='google.iam.admin.v1.IAM.TestIamPermissions', index=13, containing_service=None, input_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._TESTIAMPERMISSIONSREQUEST, output_type=google_dot_iam_dot_v1_dot_iam__policy__pb2._TESTIAMPERMISSIONSRESPONSE, serialized_options=b'\202\323\344\223\002C\">/v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions:\001*\332A\024resource,permissions', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='QueryGrantableRoles', full_name='google.iam.admin.v1.IAM.QueryGrantableRoles', index=14, containing_service=None, input_type=_QUERYGRANTABLEROLESREQUEST, output_type=_QUERYGRANTABLEROLESRESPONSE, serialized_options=b'\202\323\344\223\002\"\"\035/v1/roles:queryGrantableRoles:\001*\332A\022full_resource_name', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='ListRoles', full_name='google.iam.admin.v1.IAM.ListRoles', index=15, containing_service=None, input_type=_LISTROLESREQUEST, output_type=_LISTROLESRESPONSE, serialized_options=b'\202\323\344\223\002R\022\t/v1/rolesZ$\022\"/v1/{parent=organizations/*}/rolesZ\037\022\035/v1/{parent=projects/*}/roles', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='GetRole', full_name='google.iam.admin.v1.IAM.GetRole', index=16, containing_service=None, input_type=_GETROLEREQUEST, output_type=_ROLE, serialized_options=b'\202\323\344\223\002[\022\022/v1/{name=roles/*}Z$\022\"/v1/{name=organizations/*/roles/*}Z\037\022\035/v1/{name=projects/*/roles/*}', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='CreateRole', full_name='google.iam.admin.v1.IAM.CreateRole', index=17, containing_service=None, input_type=_CREATEROLEREQUEST, output_type=_ROLE, serialized_options=b'\202\323\344\223\002K\"\"/v1/{parent=organizations/*}/roles:\001*Z\"\"\035/v1/{parent=projects/*}/roles:\001*', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='UpdateRole', full_name='google.iam.admin.v1.IAM.UpdateRole', index=18, containing_service=None, input_type=_UPDATEROLEREQUEST, output_type=_ROLE, serialized_options=b'\202\323\344\223\002Q2\"/v1/{name=organizations/*/roles/*}:\004roleZ%2\035/v1/{name=projects/*/roles/*}:\004role', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='DeleteRole', full_name='google.iam.admin.v1.IAM.DeleteRole', index=19, containing_service=None, input_type=_DELETEROLEREQUEST, output_type=_ROLE, serialized_options=b'\202\323\344\223\002E*\"/v1/{name=organizations/*/roles/*}Z\037*\035/v1/{name=projects/*/roles/*}', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='UndeleteRole', full_name='google.iam.admin.v1.IAM.UndeleteRole', index=20, containing_service=None, input_type=_UNDELETEROLEREQUEST, output_type=_ROLE, serialized_options=b'\202\323\344\223\002]\"+/v1/{name=organizations/*/roles/*}:undelete:\001*Z+\"&/v1/{name=projects/*/roles/*}:undelete:\001*', create_key=_descriptor._internal_create_key, ), _descriptor.MethodDescriptor( name='QueryTestablePermissions', full_name='google.iam.admin.v1.IAM.QueryTestablePermissions', index=21, containing_service=None, input_type=_QUERYTESTABLEPERMISSIONSREQUEST, output_type=_QUERYTESTABLEPERMISSIONSRESPONSE, serialized_options=b'\202\323\344\223\002-\"(/v1/permissions:queryTestablePermissions:\001*', create_key=_descriptor._internal_create_key, ), ]) _sym_db.RegisterServiceDescriptor(_IAM) DESCRIPTOR.services_by_name['IAM'] = _IAM # @@protoc_insertion_point(module_scope)