gRPC client library for Google Cloud Identity and Access Management (IAM) services with protocol buffer definitions.
npx @tessl/cli install tessl/pypi-grpc-google-iam-v1@0.14.00
# grpc-google-iam-v1

A gRPC client library providing Python protocol buffer definitions and service stubs for Google Cloud Identity and Access Management (IAM) services. This low-level library enables direct interaction with IAM APIs for managing access control policies, role bindings, and permission evaluation across Google Cloud resources.

## Package Information

- **Package Name**: grpc-google-iam-v1
- **Language**: Python
- **Installation**: `pip install grpc-google-iam-v1`
- **Python Support**: >= 3.7

## Core Imports

```python
from google.iam.v1 import policy_pb2
from google.iam.v1 import iam_policy_pb2
from google.iam.v1 import iam_policy_pb2_grpc
from google.iam.v1 import options_pb2
```

For audit and logging:

```python
from google.iam.v1.logging import audit_data_pb2
```

For resource policy members:

```python
from google.iam.v1 import resource_policy_member_pb2
```

## Basic Usage

```python
import grpc
from google.iam.v1 import policy_pb2
from google.iam.v1 import iam_policy_pb2
from google.iam.v1 import iam_policy_pb2_grpc

# Create a TLS-protected gRPC channel to your service.
# grpc.insecure_channel() would send policy traffic in plaintext.
channel = grpc.secure_channel('your-service-endpoint:443', grpc.ssl_channel_credentials())

# Create client stub
client = iam_policy_pb2_grpc.IAMPolicyStub(channel)

# Create a policy with role bindings
policy = policy_pb2.Policy()
binding = policy_pb2.Binding()
binding.role = "roles/viewer"
binding.members.extend(["user:alice@example.com", "serviceAccount:my-service@project.iam.gserviceaccount.com"])
policy.bindings.append(binding)

# Set IAM policy on a resource (this replaces any existing policy)
set_request = iam_policy_pb2.SetIamPolicyRequest()
set_request.resource = "projects/my-project/topics/my-topic"
set_request.policy.CopyFrom(policy)

response = client.SetIamPolicy(set_request)
print(f"Policy set with etag: {response.etag}")

# Get IAM policy from a resource
get_request = iam_policy_pb2.GetIamPolicyRequest()
get_request.resource = "projects/my-project/topics/my-topic"

policy_response = client.GetIamPolicy(get_request)
print(f"Retrieved policy with {len(policy_response.bindings)} bindings")

# Test permissions on a resource
test_request = iam_policy_pb2.TestIamPermissionsRequest()
test_request.resource = "projects/my-project/topics/my-topic"
test_request.permissions.extend(["pubsub.topics.get", "pubsub.topics.publish"])

permissions_response = client.TestIamPermissions(test_request)
print(f"User has permissions: {list(permissions_response.permissions)}")
```

## Architecture

This library follows Google's protocol buffer and gRPC patterns:

- **Protocol Buffer Messages**: Structured data types for IAM policies, bindings, and requests
- **gRPC Service Stubs**: Client interfaces for remote IAM service calls
- **Namespace Organization**: Uses the `google.iam.v1` namespace, following Google's conventions
- **Generated Code**: All classes are auto-generated from `.proto` definitions

The library provides both client-side stubs for making IAM service calls and server-side servicer base classes for implementing IAM services.

## Capabilities

### IAM Policy Management

Core IAM policy data structures and operations for managing access control policies with role bindings, conditions, and audit configurations.

```python { .api }
class Policy:
    version: int
    bindings: List[Binding]
    audit_configs: List[AuditConfig]
    etag: bytes

class Binding:
    role: str
    members: List[str]
    condition: google.type.Expr
```
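A pre-flight check over these `Policy` and `Binding` fields, run before a policy is passed to `SetIamPolicy`; this is an added example, not part of the library. The names `lint_policy` and `make_binding`, the severity labels, and the `SimpleNamespace` stand-ins for `policy_pb2` messages are assumptions, used so the sample runs without the package installed.

```python
from types import SimpleNamespace

# Special IAM principals that make a binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Basic roles that carry project-wide write access.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def lint_policy(policy):
    """Return (severity, role, detail) findings for a Policy-shaped object.

    Reads only version, etag and bindings[].role/.members/.condition.expression,
    so it accepts a policy_pb2.Policy as well as the stand-ins below.
    """
    findings = []
    for b in policy.bindings:
        expr = getattr(getattr(b, "condition", None), "expression", "")
        public = sorted(PUBLIC_MEMBERS.intersection(b.members))
        if public:
            findings.append(("HIGH", b.role, "public principal: " + ", ".join(public)))
        if b.role in BROAD_ROLES:
            findings.append(("MEDIUM", b.role, "basic role grants broad access"))
        if expr and policy.version < 3:
            # IAM requires version 3 for any policy with conditional bindings.
            findings.append(("HIGH", b.role, "condition set but policy.version < 3"))
    if not policy.etag:
        # Without an etag, SetIamPolicy overwrites the stored policy blindly.
        findings.append(("MEDIUM", "*", "empty etag: no concurrency check on write"))
    return findings


def make_binding(role, members, expression=""):
    # Constructed stand-in for policy_pb2.Binding (hypothetical helper).
    return SimpleNamespace(role=role, members=list(members),
                           condition=SimpleNamespace(expression=expression))


# Constructed sample: the Basic Usage viewer binding plus three risky bindings.
SAMPLE = SimpleNamespace(version=1, etag=b"", bindings=[
    make_binding("roles/viewer", ["user:alice@example.com"]),
    make_binding("roles/pubsub.publisher", ["allUsers"]),
    make_binding("roles/editor",
                 ["serviceAccount:my-service@project.iam.gserviceaccount.com"]),
    make_binding("roles/pubsub.subscriber", ["user:alice@example.com"],
                 'request.time < timestamp("2030-01-01T00:00:00Z")'),
])

if __name__ == "__main__":
    for severity, role, detail in lint_policy(SAMPLE):
        print(f"{severity:6} {role}: {detail}")
```

Because the function only reads attributes, the result of `GetIamPolicy` can be passed to it directly; request the policy with `requested_policy_version` set to 3 so conditional bindings are returned intact.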
106
107
[IAM Policies](./iam-policies.md)
108
109
### gRPC Service Operations
110
111
Client and server classes for IAM policy service operations including setting, getting, and testing permissions on Google Cloud resources.
112
113
```python { .api }
114
class IAMPolicyStub:
115
def __init__(self, channel): ...
116
def SetIamPolicy(self, request: SetIamPolicyRequest) -> Policy: ...
117
def GetIamPolicy(self, request: GetIamPolicyRequest) -> Policy: ...
118
def TestIamPermissions(self, request: TestIamPermissionsRequest) -> TestIamPermissionsResponse: ...
119
```
120
121
[gRPC Services](./grpc-services.md)

### Audit and Logging

Support for audit trails and policy change tracking through specialized message types for logging IAM operations and policy modifications.

```python { .api }
class AuditData:
    policy_delta: PolicyDelta

class PolicyDelta:
    binding_deltas: List[BindingDelta]
    audit_config_deltas: List[AuditConfigDelta]
```

[Audit and Logging](./audit-logging.md)

## Types

### Core Request/Response Types

```python { .api }
class SetIamPolicyRequest:
    resource: str
    policy: Policy
    update_mask: google.protobuf.FieldMask

class GetIamPolicyRequest:
    resource: str
    options: GetPolicyOptions

class TestIamPermissionsRequest:
    resource: str
    permissions: List[str]

class TestIamPermissionsResponse:
    permissions: List[str]
```

### Configuration Types

```python { .api }
class GetPolicyOptions:
    requested_policy_version: int

class ResourcePolicyMember:
    iam_policy_name_principal: str  # output only
    iam_policy_uid_principal: str  # output only
```