Vendor dependencies for GCS

vendor/cloud.google.com/go/iam/admin/apiv1/doc.go

@@ -0,0 +1,44 @@
+// Copyright 2017, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// AUTO-GENERATED CODE. DO NOT EDIT.
+
+// Package admin is an experimental, auto-generated package for the
+// Google Identity and Access Management (IAM) API.
+//
+// Manages identity and access control for Google Cloud Platform resources,
+// including the creation of service accounts, which you can use to
+// authenticate to Google and make API calls.
+package admin // import "cloud.google.com/go/iam/admin/apiv1"
+
+import (
+	"golang.org/x/net/context"
+	"google.golang.org/grpc/metadata"
+)
+
+func insertXGoog(ctx context.Context, val []string) context.Context {
+	md, _ := metadata.FromOutgoingContext(ctx)
+	md = md.Copy()
+	md["x-goog-api-client"] = val
+	return metadata.NewOutgoingContext(ctx, md)
+}
+
+// DefaultAuthScopes reports the authentication scopes required
+// by this package.
+func DefaultAuthScopes() []string {
+	return []string{
+		"https://www.googleapis.com/auth/cloud-platform",
+		"https://www.googleapis.com/auth/iam",
+	}
+}

vendor/cloud.google.com/go/iam/admin/apiv1/iam_client.go

@@ -0,0 +1,490 @@
+// Copyright 2017, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// AUTO-GENERATED CODE. DO NOT EDIT.
+
+package admin
+
+import (
+	"math"
+	"time"
+
+	"cloud.google.com/go/internal/version"
+	gax "github.com/googleapis/gax-go"
+	"golang.org/x/net/context"
+	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
+	"google.golang.org/api/transport"
+	adminpb "google.golang.org/genproto/googleapis/iam/admin/v1"
+	iampb "google.golang.org/genproto/googleapis/iam/v1"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+)
+
+var (
+	iamProjectPathTemplate        = gax.MustCompilePathTemplate("projects/{project}")
+	iamServiceAccountPathTemplate = gax.MustCompilePathTemplate("projects/{project}/serviceAccounts/{service_account}")
+	iamKeyPathTemplate            = gax.MustCompilePathTemplate("projects/{project}/serviceAccounts/{service_account}/keys/{key}")
+)
+
+// IamCallOptions contains the retry settings for each method of IamClient.
+type IamCallOptions struct {
+	ListServiceAccounts     []gax.CallOption
+	GetServiceAccount       []gax.CallOption
+	CreateServiceAccount    []gax.CallOption
+	UpdateServiceAccount    []gax.CallOption
+	DeleteServiceAccount    []gax.CallOption
+	ListServiceAccountKeys  []gax.CallOption
+	GetServiceAccountKey    []gax.CallOption
+	CreateServiceAccountKey []gax.CallOption
+	DeleteServiceAccountKey []gax.CallOption
+	SignBlob                []gax.CallOption
+	GetIamPolicy            []gax.CallOption
+	SetIamPolicy            []gax.CallOption
+	TestIamPermissions      []gax.CallOption
+	QueryGrantableRoles     []gax.CallOption
+}
+
+func defaultIamClientOptions() []option.ClientOption {
+	return []option.ClientOption{
+		option.WithEndpoint("iam.googleapis.com:443"),
+		option.WithScopes(DefaultAuthScopes()...),
+	}
+}
+
+func defaultIamCallOptions() *IamCallOptions {
+	retry := map[[2]string][]gax.CallOption{
+		{"default", "idempotent"}: {
+			gax.WithRetry(func() gax.Retryer {
+				return gax.OnCodes([]codes.Code{
+					codes.DeadlineExceeded,
+					codes.Unavailable,
+				}, gax.Backoff{
+					Initial:    100 * time.Millisecond,
+					Max:        60000 * time.Millisecond,
+					Multiplier: 1.3,
+				})
+			}),
+		},
+	}
+	return &IamCallOptions{
+		ListServiceAccounts:     retry[[2]string{"default", "idempotent"}],
+		GetServiceAccount:       retry[[2]string{"default", "idempotent"}],
+		CreateServiceAccount:    retry[[2]string{"default", "non_idempotent"}],
+		UpdateServiceAccount:    retry[[2]string{"default", "idempotent"}],
+		DeleteServiceAccount:    retry[[2]string{"default", "idempotent"}],
+		ListServiceAccountKeys:  retry[[2]string{"default", "idempotent"}],
+		GetServiceAccountKey:    retry[[2]string{"default", "idempotent"}],
+		CreateServiceAccountKey: retry[[2]string{"default", "non_idempotent"}],
+		DeleteServiceAccountKey: retry[[2]string{"default", "idempotent"}],
+		SignBlob:                retry[[2]string{"default", "non_idempotent"}],
+		GetIamPolicy:            retry[[2]string{"default", "non_idempotent"}],
+		SetIamPolicy:            retry[[2]string{"default", "non_idempotent"}],
+		TestIamPermissions:      retry[[2]string{"default", "non_idempotent"}],
+		QueryGrantableRoles:     retry[[2]string{"default", "non_idempotent"}],
+	}
+}
+
+// IamClient is a client for interacting with Google Identity and Access Management (IAM) API.
+type IamClient struct {
+	// The connection to the service.
+	conn *grpc.ClientConn
+
+	// The gRPC API client.
+	iamClient adminpb.IAMClient
+
+	// The call options for this service.
+	CallOptions *IamCallOptions
+
+	// The metadata to be sent with each request.
+	xGoogHeader []string
+}
+
+// NewIamClient creates a new iam client.
+//
+// Creates and manages service account objects.
+//
+// Service account is an account that belongs to your project instead
+// of to an individual end user. It is used to authenticate calls
+// to a Google API.
+//
+// To create a service account, specify the `project_id` and `account_id`
+// for the account.  The `account_id` is unique within the project, and used
+// to generate the service account email address and a stable
+// `unique_id`.
+//
+// All other methods can identify accounts using the format
+// `projects/{project}/serviceAccounts/{account}`.
+// Using `-` as a wildcard for the project will infer the project from
+// the account. The `account` value can be the `email` address or the
+// `unique_id` of the service account.
+func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error) {
+	conn, err := transport.DialGRPC(ctx, append(defaultIamClientOptions(), opts...)...)
+	if err != nil {
+		return nil, err
+	}
+	c := &IamClient{
+		conn:        conn,
+		CallOptions: defaultIamCallOptions(),
+
+		iamClient: adminpb.NewIAMClient(conn),
+	}
+	c.SetGoogleClientInfo()
+	return c, nil
+}
+
+// Connection returns the client's connection to the API service.
+func (c *IamClient) Connection() *grpc.ClientConn {
+	return c.conn
+}
+
+// Close closes the connection to the API service. The user should invoke this when
+// the client is no longer required.
+func (c *IamClient) Close() error {
+	return c.conn.Close()
+}
+
+// SetGoogleClientInfo sets the name and version of the application in
+// the `x-goog-api-client` header passed on each request. Intended for
+// use by Google-written clients.
+func (c *IamClient) SetGoogleClientInfo(keyval ...string) {
+	kv := append([]string{"gl-go", version.Go()}, keyval...)
+	kv = append(kv, "gapic", version.Repo, "gax", gax.Version, "grpc", grpc.Version)
+	c.xGoogHeader = []string{gax.XGoogHeader(kv...)}
+}
+
+// IamProjectPath returns the path for the project resource.
+func IamProjectPath(project string) string {
+	path, err := iamProjectPathTemplate.Render(map[string]string{
+		"project": project,
+	})
+	if err != nil {
+		panic(err)
+	}
+	return path
+}
+
+// IamServiceAccountPath returns the path for the service account resource.
+func IamServiceAccountPath(project, serviceAccount string) string {
+	path, err := iamServiceAccountPathTemplate.Render(map[string]string{
+		"project":         project,
+		"service_account": serviceAccount,
+	})
+	if err != nil {
+		panic(err)
+	}
+	return path
+}
+
+// IamKeyPath returns the path for the key resource.
+func IamKeyPath(project, serviceAccount, key string) string {
+	path, err := iamKeyPathTemplate.Render(map[string]string{
+		"project":         project,
+		"service_account": serviceAccount,
+		"key":             key,
+	})
+	if err != nil {
+		panic(err)
+	}
+	return path
+}
+
+// ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project.
+func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.ListServiceAccounts[0:len(c.CallOptions.ListServiceAccounts):len(c.CallOptions.ListServiceAccounts)], opts...)
+	it := &ServiceAccountIterator{}
+	it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.ServiceAccount, string, error) {
+		var resp *adminpb.ListServiceAccountsResponse
+		req.PageToken = pageToken
+		if pageSize > math.MaxInt32 {
+			req.PageSize = math.MaxInt32
+		} else {
+			req.PageSize = int32(pageSize)
+		}
+		err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+			var err error
+			resp, err = c.iamClient.ListServiceAccounts(ctx, req, settings.GRPC...)
+			return err
+		}, opts...)
+		if err != nil {
+			return nil, "", err
+		}
+		return resp.Accounts, resp.NextPageToken, nil
+	}
+	fetch := func(pageSize int, pageToken string) (string, error) {
+		items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
+		if err != nil {
+			return "", err
+		}
+		it.items = append(it.items, items...)
+		return nextPageToken, nil
+	}
+	it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
+	return it
+}
+
+// GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
+func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.GetServiceAccount[0:len(c.CallOptions.GetServiceAccount):len(c.CallOptions.GetServiceAccount)], opts...)
+	var resp *adminpb.ServiceAccount
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.GetServiceAccount(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]
+// and returns it.
+func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.CreateServiceAccount[0:len(c.CallOptions.CreateServiceAccount):len(c.CallOptions.CreateServiceAccount)], opts...)
+	var resp *adminpb.ServiceAccount
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.CreateServiceAccount(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
+//
+// Currently, only the following fields are updatable:
+// `display_name` .
+// The `etag` is mandatory.
+func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.UpdateServiceAccount[0:len(c.CallOptions.UpdateServiceAccount):len(c.CallOptions.UpdateServiceAccount)], opts...)
+	var resp *adminpb.ServiceAccount
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.UpdateServiceAccount(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
+func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.DeleteServiceAccount[0:len(c.CallOptions.DeleteServiceAccount):len(c.CallOptions.DeleteServiceAccount)], opts...)
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		_, err = c.iamClient.DeleteServiceAccount(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	return err
+}
+
+// ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey].
+func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.ListServiceAccountKeys[0:len(c.CallOptions.ListServiceAccountKeys):len(c.CallOptions.ListServiceAccountKeys)], opts...)
+	var resp *adminpb.ListServiceAccountKeysResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.ListServiceAccountKeys(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
+// by key id.
+func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.GetServiceAccountKey[0:len(c.CallOptions.GetServiceAccountKey):len(c.CallOptions.GetServiceAccountKey)], opts...)
+	var resp *adminpb.ServiceAccountKey
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.GetServiceAccountKey(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]
+// and returns it.
+func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.CreateServiceAccountKey[0:len(c.CallOptions.CreateServiceAccountKey):len(c.CallOptions.CreateServiceAccountKey)], opts...)
+	var resp *adminpb.ServiceAccountKey
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.CreateServiceAccountKey(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey].
+func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.DeleteServiceAccountKey[0:len(c.CallOptions.DeleteServiceAccountKey):len(c.CallOptions.DeleteServiceAccountKey)], opts...)
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		_, err = c.iamClient.DeleteServiceAccountKey(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	return err
+}
+
+// SignBlob signs a blob using a service account's system-managed private key.
+func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.SignBlob[0:len(c.CallOptions.SignBlob):len(c.CallOptions.SignBlob)], opts...)
+	var resp *adminpb.SignBlobResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.SignBlob(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// getIamPolicy returns the IAM access control policy for a
+// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
+func (c *IamClient) getIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.GetIamPolicy[0:len(c.CallOptions.GetIamPolicy):len(c.CallOptions.GetIamPolicy)], opts...)
+	var resp *iampb.Policy
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.GetIamPolicy(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// setIamPolicy sets the IAM access control policy for a
+// [ServiceAccount][google.iam.admin.v1.ServiceAccount].
+func (c *IamClient) setIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.SetIamPolicy[0:len(c.CallOptions.SetIamPolicy):len(c.CallOptions.SetIamPolicy)], opts...)
+	var resp *iampb.Policy
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.SetIamPolicy(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// TestIamPermissions tests the specified permissions against the IAM access control policy
+// for a [ServiceAccount][google.iam.admin.v1.ServiceAccount].
+func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.TestIamPermissions[0:len(c.CallOptions.TestIamPermissions):len(c.CallOptions.TestIamPermissions)], opts...)
+	var resp *iampb.TestIamPermissionsResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.TestIamPermissions(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// QueryGrantableRoles queries roles that can be granted on a particular resource.
+// A role is grantable if it can be used as the role in a binding for a policy
+// for that resource.
+func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error) {
+	ctx = insertXGoog(ctx, c.xGoogHeader)
+	opts = append(c.CallOptions.QueryGrantableRoles[0:len(c.CallOptions.QueryGrantableRoles):len(c.CallOptions.QueryGrantableRoles)], opts...)
+	var resp *adminpb.QueryGrantableRolesResponse
+	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
+		var err error
+		resp, err = c.iamClient.QueryGrantableRoles(ctx, req, settings.GRPC...)
+		return err
+	}, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// ServiceAccountIterator manages a stream of *adminpb.ServiceAccount.
+type ServiceAccountIterator struct {
+	items    []*adminpb.ServiceAccount
+	pageInfo *iterator.PageInfo
+	nextFunc func() error
+
+	// InternalFetch is for use by the Google Cloud Libraries only.
+	// It is not part of the stable interface of this package.
+	//
+	// InternalFetch returns results from a single call to the underlying RPC.
+	// The number of results is no greater than pageSize.
+	// If there are no more results, nextPageToken is empty and err is nil.
+	InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error)
+}
+
+// PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
+func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo {
+	return it.pageInfo
+}
+
+// Next returns the next result. Its second return value is iterator.Done if there are no more
+// results. Once Next returns Done, all subsequent calls will return Done.
+func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error) {
+	var item *adminpb.ServiceAccount
+	if err := it.nextFunc(); err != nil {
+		return item, err
+	}
+	item = it.items[0]
+	it.items = it.items[1:]
+	return item, nil
+}
+
+func (it *ServiceAccountIterator) bufLen() int {
+	return len(it.items)
+}
+
+func (it *ServiceAccountIterator) takeBuf() interface{} {
+	b := it.items
+	it.items = nil
+	return b
+}

vendor/cloud.google.com/go/iam/admin/apiv1/iam_client_example_test.go

@@ -0,0 +1,253 @@
+// Copyright 2017, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// AUTO-GENERATED CODE. DO NOT EDIT.
+
+package admin_test
+
+import (
+	"cloud.google.com/go/iam/admin/apiv1"
+	"golang.org/x/net/context"
+	"google.golang.org/api/iterator"
+	adminpb "google.golang.org/genproto/googleapis/iam/admin/v1"
+	iampb "google.golang.org/genproto/googleapis/iam/v1"
+)
+
+func ExampleNewIamClient() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use client.
+	_ = c
+}
+
+func ExampleIamClient_ListServiceAccounts() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.ListServiceAccountsRequest{
+	// TODO: Fill request struct fields.
+	}
+	it := c.ListServiceAccounts(ctx, req)
+	for {
+		resp, err := it.Next()
+		if err == iterator.Done {
+			break
+		}
+		if err != nil {
+			// TODO: Handle error.
+		}
+		// TODO: Use resp.
+		_ = resp
+	}
+}
+
+func ExampleIamClient_GetServiceAccount() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.GetServiceAccountRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.GetServiceAccount(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_CreateServiceAccount() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.CreateServiceAccountRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.CreateServiceAccount(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_UpdateServiceAccount() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.ServiceAccount{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.UpdateServiceAccount(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_DeleteServiceAccount() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.DeleteServiceAccountRequest{
+	// TODO: Fill request struct fields.
+	}
+	err = c.DeleteServiceAccount(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+}
+
+func ExampleIamClient_ListServiceAccountKeys() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.ListServiceAccountKeysRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.ListServiceAccountKeys(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_GetServiceAccountKey() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.GetServiceAccountKeyRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.GetServiceAccountKey(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_CreateServiceAccountKey() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.CreateServiceAccountKeyRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.CreateServiceAccountKey(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_DeleteServiceAccountKey() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.DeleteServiceAccountKeyRequest{
+	// TODO: Fill request struct fields.
+	}
+	err = c.DeleteServiceAccountKey(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+}
+
+func ExampleIamClient_SignBlob() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.SignBlobRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.SignBlob(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_TestIamPermissions() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &iampb.TestIamPermissionsRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.TestIamPermissions(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}
+
+func ExampleIamClient_QueryGrantableRoles() {
+	ctx := context.Background()
+	c, err := admin.NewIamClient(ctx)
+	if err != nil {
+		// TODO: Handle error.
+	}
+
+	req := &adminpb.QueryGrantableRolesRequest{
+	// TODO: Fill request struct fields.
+	}
+	resp, err := c.QueryGrantableRoles(ctx, req)
+	if err != nil {
+		// TODO: Handle error.
+	}
+	// TODO: Use resp.
+	_ = resp
+}

vendor/cloud.google.com/go/iam/admin/apiv1/policy_methods.go

@@ -0,0 +1,52 @@
+// Copyright 2016 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This is handwritten code. These methods are implemented by hand so they can use
+// the iam.Policy type.
+
+package admin
+
+import (
+	"cloud.google.com/go/iam"
+	"golang.org/x/net/context"
+	iampb "google.golang.org/genproto/googleapis/iam/v1"
+)
+
+// GetIamPolicy returns the IAM access control policy for a ServiceAccount.
+func (c *IamClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest) (*iam.Policy, error) {
+	policy, err := c.getIamPolicy(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	return &iam.Policy{InternalProto: policy}, nil
+}
+
+// SetIamPolicyRequest is the request type for the SetIamPolicy method.
+type SetIamPolicyRequest struct {
+	Resource string
+	Policy   *iam.Policy
+}
+
+// SetIamPolicy sets the IAM access control policy for a ServiceAccount.
+func (c *IamClient) SetIamPolicy(ctx context.Context, req *SetIamPolicyRequest) (*iam.Policy, error) {
+	preq := &iampb.SetIamPolicyRequest{
+		Resource: req.Resource,
+		Policy:   req.Policy.InternalProto,
+	}
+	policy, err := c.setIamPolicy(ctx, preq)
+	if err != nil {
+		return nil, err
+	}
+	return &iam.Policy{InternalProto: policy}, nil
+}

vendor/cloud.google.com/go/iam/iam.go

@@ -0,0 +1,256 @@
+// Copyright 2016 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package iam supports the resource-specific operations of Google Cloud
+// IAM (Identity and Access Management) for the Google Cloud Libraries.
+// See https://cloud.google.com/iam for more about IAM.
+//
+// Users of the Google Cloud Libraries will typically not use this package
+// directly. Instead they will begin with some resource that supports IAM, like
+// a pubsub topic, and call its IAM method to get a Handle for that resource.
+package iam
+
+import (
+	"golang.org/x/net/context"
+	pb "google.golang.org/genproto/googleapis/iam/v1"
+	"google.golang.org/grpc"
+)
+
+// client abstracts the IAMPolicy API to allow multiple implementations.
+type client interface {
+	Get(ctx context.Context, resource string) (*pb.Policy, error)
+	Set(ctx context.Context, resource string, p *pb.Policy) error
+	Test(ctx context.Context, resource string, perms []string) ([]string, error)
+}
+
+// grpcClient implements client for the standard gRPC-based IAMPolicy service.
+type grpcClient struct {
+	c pb.IAMPolicyClient
+}
+
+func (g *grpcClient) Get(ctx context.Context, resource string) (*pb.Policy, error) {
+	proto, err := g.c.GetIamPolicy(ctx, &pb.GetIamPolicyRequest{Resource: resource})
+	if err != nil {
+		return nil, err
+	}
+	return proto, nil
+}
+func (g *grpcClient) Set(ctx context.Context, resource string, p *pb.Policy) error {
+	_, err := g.c.SetIamPolicy(ctx, &pb.SetIamPolicyRequest{
+		Resource: resource,
+		Policy:   p,
+	})
+	return err
+}
+
+func (g *grpcClient) Test(ctx context.Context, resource string, perms []string) ([]string, error) {
+	res, err := g.c.TestIamPermissions(ctx, &pb.TestIamPermissionsRequest{
+		Resource:    resource,
+		Permissions: perms,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return res.Permissions, nil
+}
+
+// A Handle provides IAM operations for a resource.
+type Handle struct {
+	c        client
+	resource string
+}
+
+// InternalNewHandle is for use by the Google Cloud Libraries only.
+//
+// InternalNewHandle returns a Handle for resource.
+// The conn parameter refers to a server that must support the IAMPolicy service.
+func InternalNewHandle(conn *grpc.ClientConn, resource string) *Handle {
+	return InternalNewHandleClient(&grpcClient{c: pb.NewIAMPolicyClient(conn)}, resource)
+}
+
+// InternalNewHandleClient is for use by the Google Cloud Libraries only.
+//
+// InternalNewHandleClient returns a Handle for resource using the given
+// client implementation.
+func InternalNewHandleClient(c client, resource string) *Handle {
+	return &Handle{
+		c:        c,
+		resource: resource,
+	}
+}
+
+// Policy retrieves the IAM policy for the resource.
+func (h *Handle) Policy(ctx context.Context) (*Policy, error) {
+	proto, err := h.c.Get(ctx, h.resource)
+	if err != nil {
+		return nil, err
+	}
+	return &Policy{InternalProto: proto}, nil
+}
+
+// SetPolicy replaces the resource's current policy with the supplied Policy.
+//
+// If policy was created from a prior call to Get, then the modification will
+// only succeed if the policy has not changed since the Get.
+func (h *Handle) SetPolicy(ctx context.Context, policy *Policy) error {
+	return h.c.Set(ctx, h.resource, policy.InternalProto)
+}
+
+// TestPermissions returns the subset of permissions that the caller has on the resource.
+func (h *Handle) TestPermissions(ctx context.Context, permissions []string) ([]string, error) {
+	return h.c.Test(ctx, h.resource, permissions)
+}
+
+// A RoleName is a name representing a collection of permissions.
+type RoleName string
+
+// Common role names.
+const (
+	Owner  RoleName = "roles/owner"
+	Editor RoleName = "roles/editor"
+	Viewer RoleName = "roles/viewer"
+)
+
+const (
+	// AllUsers is a special member that denotes all users, even unauthenticated ones.
+	AllUsers = "allUsers"
+
+	// AllAuthenticatedUsers is a special member that denotes all authenticated users.
+	AllAuthenticatedUsers = "allAuthenticatedUsers"
+)
+
+// A Policy is a list of Bindings representing roles
+// granted to members.
+//
+// The zero Policy is a valid policy with no bindings.
+type Policy struct {
+	// TODO(jba): when type aliases are available, put Policy into an internal package
+	// and provide an exported alias here.
+
+	// This field is exported for use by the Google Cloud Libraries only.
+	// It may become unexported in a future release.
+	InternalProto *pb.Policy
+}
+
+// Members returns the list of members with the supplied role.
+// The return value should not be modified. Use Add and Remove
+// to modify the members of a role.
+func (p *Policy) Members(r RoleName) []string {
+	b := p.binding(r)
+	if b == nil {
+		return nil
+	}
+	return b.Members
+}
+
+// HasRole reports whether member has role r.
+func (p *Policy) HasRole(member string, r RoleName) bool {
+	return memberIndex(member, p.binding(r)) >= 0
+}
+
+// Add adds member member to role r if it is not already present.
+// A new binding is created if there is no binding for the role.
+func (p *Policy) Add(member string, r RoleName) {
+	b := p.binding(r)
+	if b == nil {
+		if p.InternalProto == nil {
+			p.InternalProto = &pb.Policy{}
+		}
+		p.InternalProto.Bindings = append(p.InternalProto.Bindings, &pb.Binding{
+			Role:    string(r),
+			Members: []string{member},
+		})
+		return
+	}
+	if memberIndex(member, b) < 0 {
+		b.Members = append(b.Members, member)
+		return
+	}
+}
+
+// Remove removes member from role r if it is present.
+func (p *Policy) Remove(member string, r RoleName) {
+	bi := p.bindingIndex(r)
+	if bi < 0 {
+		return
+	}
+	bindings := p.InternalProto.Bindings
+	b := bindings[bi]
+	mi := memberIndex(member, b)
+	if mi < 0 {
+		return
+	}
+	// Order doesn't matter for bindings or members, so to remove, move the last item
+	// into the removed spot and shrink the slice.
+	if len(b.Members) == 1 {
+		// Remove binding.
+		last := len(bindings) - 1
+		bindings[bi] = bindings[last]
+		bindings[last] = nil
+		p.InternalProto.Bindings = bindings[:last]
+		return
+	}
+	// Remove member.
+	// TODO(jba): worry about multiple copies of m?
+	last := len(b.Members) - 1
+	b.Members[mi] = b.Members[last]
+	b.Members[last] = ""
+	b.Members = b.Members[:last]
+}
+
+// Roles returns the names of all the roles that appear in the Policy.
+func (p *Policy) Roles() []RoleName {
+	if p.InternalProto == nil {
+		return nil
+	}
+	var rns []RoleName
+	for _, b := range p.InternalProto.Bindings {
+		rns = append(rns, RoleName(b.Role))
+	}
+	return rns
+}
+
+// binding returns the Binding for the suppied role, or nil if there isn't one.
+func (p *Policy) binding(r RoleName) *pb.Binding {
+	i := p.bindingIndex(r)
+	if i < 0 {
+		return nil
+	}
+	return p.InternalProto.Bindings[i]
+}
+
+func (p *Policy) bindingIndex(r RoleName) int {
+	if p.InternalProto == nil {
+		return -1
+	}
+	for i, b := range p.InternalProto.Bindings {
+		if b.Role == string(r) {
+			return i
+		}
+	}
+	return -1
+}
+
+// memberIndex returns the index of m in b's Members, or -1 if not found.
+func memberIndex(m string, b *pb.Binding) int {
+	if b == nil {
+		return -1
+	}
+	for i, mm := range b.Members {
+		if mm == m {
+			return i
+		}
+	}
+	return -1
+}

vendor/cloud.google.com/go/iam/iam_test.go

@@ -0,0 +1,87 @@
+// Copyright 2016 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package iam
+
+import (
+	"fmt"
+	"sort"
+	"testing"
+
+	"cloud.google.com/go/internal/testutil"
+)
+
+func TestPolicy(t *testing.T) {
+	p := &Policy{}
+
+	add := func(member string, role RoleName) {
+		p.Add(member, role)
+	}
+	remove := func(member string, role RoleName) {
+		p.Remove(member, role)
+	}
+
+	if msg, ok := checkMembers(p, Owner, nil); !ok {
+		t.Fatal(msg)
+	}
+	add("m1", Owner)
+	if msg, ok := checkMembers(p, Owner, []string{"m1"}); !ok {
+		t.Fatal(msg)
+	}
+	add("m2", Owner)
+	if msg, ok := checkMembers(p, Owner, []string{"m1", "m2"}); !ok {
+		t.Fatal(msg)
+	}
+	add("m1", Owner) // duplicate adds ignored
+	if msg, ok := checkMembers(p, Owner, []string{"m1", "m2"}); !ok {
+		t.Fatal(msg)
+	}
+	// No other roles populated yet.
+	if msg, ok := checkMembers(p, Viewer, nil); !ok {
+		t.Fatal(msg)
+	}
+	remove("m1", Owner)
+	if msg, ok := checkMembers(p, Owner, []string{"m2"}); !ok {
+		t.Fatal(msg)
+	}
+	if msg, ok := checkMembers(p, Viewer, nil); !ok {
+		t.Fatal(msg)
+	}
+	remove("m3", Owner) // OK to remove non-existent member.
+	if msg, ok := checkMembers(p, Owner, []string{"m2"}); !ok {
+		t.Fatal(msg)
+	}
+	remove("m2", Owner)
+	if msg, ok := checkMembers(p, Owner, nil); !ok {
+		t.Fatal(msg)
+	}
+	if got, want := p.Roles(), []RoleName(nil); !testutil.Equal(got, want) {
+		t.Fatalf("roles: got %v, want %v", got, want)
+	}
+}
+
+func checkMembers(p *Policy, role RoleName, wantMembers []string) (string, bool) {
+	gotMembers := p.Members(role)
+	sort.Strings(gotMembers)
+	sort.Strings(wantMembers)
+	if !testutil.Equal(gotMembers, wantMembers) {
+		return fmt.Sprintf("got %v, want %v", gotMembers, wantMembers), false
+	}
+	for _, m := range wantMembers {
+		if !p.HasRole(m, role) {
+			return fmt.Sprintf("member %q should have role %s but does not", m, role), false
+		}
+	}
+	return "", true
+}