
tessl/pypi-grpc-google-iam-v1

gRPC client library for Google Cloud Identity and Access Management (IAM) services with protocol buffer definitions.

Describes: pkg:pypi/grpc-google-iam-v1@0.14.x

To install, run

npx @tessl/cli install tessl/pypi-grpc-google-iam-v1@0.14.0


grpc-google-iam-v1

A gRPC client library providing Python protocol buffer definitions and service stubs for Google Cloud Identity and Access Management (IAM) services. This low-level library enables direct interaction with IAM APIs for managing access control policies, role bindings, and permission evaluation across Google Cloud resources.

Package Information

  • Package Name: grpc-google-iam-v1
  • Language: Python
  • Installation: pip install grpc-google-iam-v1
  • Python Support: >= 3.7

Core Imports

from google.iam.v1 import policy_pb2
from google.iam.v1 import iam_policy_pb2
from google.iam.v1 import iam_policy_pb2_grpc
from google.iam.v1 import options_pb2

For audit and logging:

from google.iam.v1.logging import audit_data_pb2

For resource policy members:

from google.iam.v1 import resource_policy_member_pb2

Basic Usage

import grpc
from google.iam.v1 import policy_pb2
from google.iam.v1 import iam_policy_pb2
from google.iam.v1 import iam_policy_pb2_grpc

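# Create a TLS-protected gRPC channel to your service. IAM policies and
# caller credentials must not cross the network in cleartext, so
# grpc.insecure_channel() is not appropriate here.
# ssl_channel_credentials() with no arguments uses the default root certificates.
channel = grpc.secure_channel('your-service-endpoint:443', grpc.ssl_channel_credentials())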

# Create client stub
client = iam_policy_pb2_grpc.IAMPolicyStub(channel)

# Create a policy with role bindings
policy = policy_pb2.Policy()
binding = policy_pb2.Binding()
binding.role = "roles/viewer"
binding.members.extend(["user:alice@example.com", "serviceAccount:my-service@project.iam.gserviceaccount.com"])
policy.bindings.append(binding)

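# Set IAM policy on a resource. SetIamPolicy replaces the resource's whole
# policy with the one sent, so bindings not listed in `policy` are dropped.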
set_request = iam_policy_pb2.SetIamPolicyRequest()
set_request.resource = "projects/my-project/topics/my-topic"
set_request.policy.CopyFrom(policy)

response = client.SetIamPolicy(set_request)
print(f"Policy set with etag: {response.etag}")

# Get IAM policy from a resource
get_request = iam_policy_pb2.GetIamPolicyRequest()
get_request.resource = "projects/my-project/topics/my-topic"

policy_response = client.GetIamPolicy(get_request)
print(f"Retrieved policy with {len(policy_response.bindings)} bindings")

# Test permissions on a resource. The response lists the subset of the
# requested permissions that the caller holds.
test_request = iam_policy_pb2.TestIamPermissionsRequest()
test_request.resource = "projects/my-project/topics/my-topic"
test_request.permissions.extend(["pubsub.topics.get", "pubsub.topics.publish"])

permissions_response = client.TestIamPermissions(test_request)
print(f"Caller has permissions: {list(permissions_response.permissions)}")

Architecture

This library follows Google's protocol buffer and gRPC patterns:

  • Protocol Buffer Messages: Structured data types for IAM policies, bindings, and requests
  • gRPC Service Stubs: Client interfaces for remote IAM service calls
  • Namespace Organization: Uses google.iam.v1 namespace following Google's conventions
  • Generated Code: All classes are auto-generated from .proto definitions

The library provides both client-side stubs for making IAM service calls and server-side servicer base classes for implementing IAM services.

Capabilities

IAM Policy Management

Core IAM policy data structures and operations for managing access control policies with role bindings, conditions, and audit configurations.

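class Policy:
    version: int                      # policy format version; 3 is required when any binding has a condition
    bindings: List[Binding]           # role-to-members grants
    audit_configs: List[AuditConfig]  # audit logging configuration
    etag: bytes                       # concurrency token; send back the value read with GetIamPolicy

class Binding:
    role: str                         # e.g. "roles/viewer"
    members: List[str]                # e.g. "user:alice@example.com"
    condition: google.type.Expr       # optional expression limiting when the binding applies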

IAM Policies
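
A pre-flight check that can run on a Policy before it is passed to SetIamPolicy, as an added example that is not part of the library or of the original page. It reads only the Policy and Binding fields listed above, so it accepts a policy_pb2.Policy; the SimpleNamespace stand-ins, the sample data, the severity labels and the choice of roles treated as too broad are assumptions made for illustration.

```python
from types import SimpleNamespace as NS

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BASIC_ROLES = {"roles/owner", "roles/editor"}  # assumption: roles this review treats as too broad


def lint_policy(policy):
    """Return (severity, message) findings for a Policy-shaped object.

    Only version, etag, bindings, role, members and condition.expression are
    read, so a policy_pb2.Policy works as well as the stand-ins below.
    """
    findings = []
    if not policy.etag:
        findings.append(("MEDIUM", "no etag: SetIamPolicy would overwrite concurrent changes"))
    for b in policy.bindings:
        expr = b.condition.expression
        for member in sorted(PUBLIC_MEMBERS.intersection(b.members)):
            findings.append(("HIGH", f"{b.role} is granted to {member}"))
        if b.role in BASIC_ROLES and not expr:
            findings.append(("MEDIUM", f"{b.role} is bound without a condition"))
        if expr and policy.version != 3:
            findings.append(("HIGH", f"{b.role} has a condition but policy.version is {policy.version}"))
    return findings


def binding(role, members, expression=""):
    # Constructed stand-in for policy_pb2.Binding.
    return NS(role=role, members=members, condition=NS(expression=expression))


# Constructed sample policy (not taken from any real project).
SAMPLE = NS(version=1, etag=b"", bindings=[
    binding("roles/viewer", ["user:alice@example.com", "allUsers"]),
    binding("roles/editor", ["serviceAccount:my-service@project.iam.gserviceaccount.com"]),
    binding("roles/viewer", ["group:ops@example.com"], 'request.time < timestamp("2030-01-01T00:00:00Z")'),
])

if __name__ == "__main__":
    for severity, message in lint_policy(SAMPLE):
        print(severity, message)
```
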

gRPC Service Operations

Client and server classes for IAM policy service operations including setting, getting, and testing permissions on Google Cloud resources.

class IAMPolicyStub:
    def __init__(self, channel): ...
    def SetIamPolicy(self, request: SetIamPolicyRequest) -> Policy: ...
    def GetIamPolicy(self, request: GetIamPolicyRequest) -> Policy: ...
    def TestIamPermissions(self, request: TestIamPermissionsRequest) -> TestIamPermissionsResponse: ...

gRPC Services

Audit and Logging

Support for audit trails and policy change tracking through specialized message types for logging IAM operations and policy modifications.

class AuditData:
    policy_delta: PolicyDelta

class PolicyDelta:
    binding_deltas: List[BindingDelta]
    audit_config_deltas: List[AuditConfigDelta]

Audit and Logging
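
Detection logic over the binding deltas of an AuditData message, as an added example that is not part of the library or of the original page. It relies on the BindingDelta fields action, role and member, which this page does not list; the SimpleNamespace stand-ins, the sample deltas, the trusted-domain list and the severity labels are assumptions made for illustration.

```python
from types import SimpleNamespace as NS

ADD, REMOVE = 1, 2  # BindingDelta.Action values; 0 is ACTION_UNSPECIFIED
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
TRUSTED_DOMAINS = {"example.com"}  # assumption: domains your organisation owns


def member_domain(member):
    """Domain of a member string such as 'user:alice@example.com'.

    Also handles 'domain:example.com' and the 'deleted:user:a@b?uid=1' form.
    """
    identity = member.rsplit(":", 1)[-1].split("?", 1)[0]
    return identity.rsplit("@", 1)[-1].lower()


def triage(audit_data, trusted=TRUSTED_DOMAINS):
    """Return (severity, role, member, reason) for grants that widen access."""
    alerts = []
    for delta in audit_data.policy_delta.binding_deltas:
        if delta.action != ADD:
            continue  # removals narrow access and are not alerted on here
        if delta.member in PUBLIC_MEMBERS:
            alerts.append(("HIGH", delta.role, delta.member, "public principal"))
        elif member_domain(delta.member) not in trusted:
            alerts.append(("MEDIUM", delta.role, delta.member, "outside trusted domains"))
    return alerts


# Constructed AuditData stand-in (not a real log entry).
SAMPLE = NS(policy_delta=NS(audit_config_deltas=[], binding_deltas=[
    NS(action=ADD, role="roles/viewer", member="user:alice@example.com"),
    NS(action=ADD, role="roles/viewer", member="allAuthenticatedUsers"),
    NS(action=ADD, role="roles/editor", member="user:mallory@gmail.example"),
    NS(action=REMOVE, role="roles/owner", member="user:bob@example.com"),
]))

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(*alert)
```
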

Types

Core Request/Response Types

class SetIamPolicyRequest:
    resource: str
    policy: Policy
    update_mask: google.protobuf.FieldMask

class GetIamPolicyRequest:
    resource: str
    options: GetPolicyOptions

class TestIamPermissionsRequest:
    resource: str
    permissions: List[str]

class TestIamPermissionsResponse:
    permissions: List[str]

Configuration Types

class GetPolicyOptions:
    requested_policy_version: int

class ResourcePolicyMember:
    iam_policy_name_principal: str  # output only
    iam_policy_uid_principal: str   # output only