---
# Naftiko capability: wraps part of the Google Cloud IAM v1 HTTP API and
# re-exposes it through a REST adapter (port 8080) and an MCP adapter
# (port 9090).
# NOTE(review): the nesting below was rebuilt from a whitespace-collapsed
# copy of this file; confirm it against the Naftiko schema, in particular
# that `binds` belongs at the document root.
naftiko: 1.0.0-alpha2
info:
  label: Google Cloud IAM API
  description: >-
    The Cloud IAM API enables management of identity and access control
    policies, service accounts, roles, and permissions for Google Cloud
    resources.
  tags:
    - Google
    - Cloud
    - Iam
    - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
    - type: http
      namespace: google-cloud-iam
      baseUri: https://iam.googleapis.com/v1
      description: Google Cloud IAM API HTTP API.
      # One bearer token, resolved from the GOOGLE_CLOUD_IAM_TOKEN env binding
      # at the end of this file, is the only upstream credential declared.
      # Every operation in this namespace therefore runs with that token's
      # authority, so scope the token to the minimum set of IAM permissions
      # the exposed operations need.
      authentication:
        type: bearer
        token: '{{GOOGLE_CLOUD_IAM_TOKEN}}'
      resources:
        - name: projects-projectid-serviceaccounts
          path: /projects/{projectId}/serviceAccounts
          operations:
            - name: listserviceaccounts
              method: GET
              description: Google Cloud IAM List service accounts
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
                - name: pageSize
                  in: query
                  type: integer
                - name: pageToken
                  in: query
                  type: string
              outputRawFormat: json
              outputParameters:
                # `$.` appears to select the whole response body; the same
                # pass-through mapping is used by every operation below.
                - name: result
                  type: object
                  value: $.
            # NOTE(review): only the path parameter is declared for this POST
            # (and for the PATCH/POST operations further down); confirm how
            # the request body reaches the upstream call.
            - name: createserviceaccount
              method: POST
              description: Google Cloud IAM Create a service account
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        # NOTE(review): this resource name looks truncated and is repeated
        # verbatim by the `/keys` resource that follows; confirm the schema
        # tolerates duplicate resource names within one namespace.
        - name: projects-projectid-serviceaccounts-serviceaccoun
          path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}
          operations:
            - name: getserviceaccount
              method: GET
              description: Google Cloud IAM Get a service account
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
                - name: serviceAccountEmail
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: patchserviceaccount
              method: PATCH
              description: Google Cloud IAM Update a service account
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
                - name: serviceAccountEmail
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: deleteserviceaccount
              method: DELETE
              description: Google Cloud IAM Delete a service account
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
                - name: serviceAccountEmail
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: projects-projectid-serviceaccounts-serviceaccoun
          path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}/keys
          operations:
            - name: listserviceaccountkeys
              method: GET
              description: Google Cloud IAM List service account keys
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
                - name: serviceAccountEmail
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # The upstream create-key response carries the new private key
            # (`privateKeyData`). With the pass-through output below, that
            # material is returned unfiltered to whichever adapter made the
            # call, so treat responses from this operation as secrets.
            - name: createserviceaccountkey
              method: POST
              description: Google Cloud IAM Create a service account key
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
                - name: serviceAccountEmail
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: roles
          path: /roles
          operations:
            - name: listroles
              method: GET
              description: Google Cloud IAM List roles
              inputParameters:
                - name: pageSize
                  in: query
                  type: integer
                - name: pageToken
                  in: query
                  type: string
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: projects-projectid-roles
          path: /projects/{projectId}/roles
          operations:
            - name: listprojectroles
              method: GET
              description: Google Cloud IAM List project roles
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: createprojectrole
              method: POST
              description: Google Cloud IAM Create a custom role
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: permissions-querytestablepermissions
          path: /permissions:queryTestablePermissions
          operations:
            - name: querytestablepermissions
              method: POST
              description: Google Cloud IAM Query testable permissions
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
  exposes:
    # REST adapter. No inbound authentication or caller authorization is
    # declared for this adapter in this file, while every call is forwarded
    # upstream with the shared bearer token. Confirm that access to port 8080
    # is restricted (network policy, gateway, or runtime-level auth),
    # particularly for the create/patch/delete and key-creation routes.
    - type: rest
      port: 8080
      namespace: google-cloud-iam-rest
      description: REST adapter for Google Cloud IAM API.
      resources:
        # Only projectId is forwarded here; the consumed operation also
        # accepts pageSize and pageToken, which the MCP tool of the same
        # name does pass through.
        - path: /projects/{projectId}/serviceAccounts
          name: listserviceaccounts
          operations:
            - method: GET
              name: listserviceaccounts
              description: Google Cloud IAM List service accounts
              call: google-cloud-iam.listserviceaccounts
              with:
                projectId: rest.projectId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/serviceAccounts
          name: createserviceaccount
          operations:
            - method: POST
              name: createserviceaccount
              description: Google Cloud IAM Create a service account
              call: google-cloud-iam.createserviceaccount
              with:
                projectId: rest.projectId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}
          name: getserviceaccount
          operations:
            - method: GET
              name: getserviceaccount
              description: Google Cloud IAM Get a service account
              call: google-cloud-iam.getserviceaccount
              with:
                projectId: rest.projectId
                serviceAccountEmail: rest.serviceAccountEmail
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}
          name: patchserviceaccount
          operations:
            - method: PATCH
              name: patchserviceaccount
              description: Google Cloud IAM Update a service account
              call: google-cloud-iam.patchserviceaccount
              with:
                projectId: rest.projectId
                serviceAccountEmail: rest.serviceAccountEmail
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}
          name: deleteserviceaccount
          operations:
            - method: DELETE
              name: deleteserviceaccount
              description: Google Cloud IAM Delete a service account
              call: google-cloud-iam.deleteserviceaccount
              with:
                projectId: rest.projectId
                serviceAccountEmail: rest.serviceAccountEmail
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}/keys
          name: listserviceaccountkeys
          operations:
            - method: GET
              name: listserviceaccountkeys
              description: Google Cloud IAM List service account keys
              call: google-cloud-iam.listserviceaccountkeys
              with:
                projectId: rest.projectId
                serviceAccountEmail: rest.serviceAccountEmail
              outputParameters:
                - type: object
                  mapping: $.
        # Returns the upstream create-key response unfiltered, including the
        # private key material; keep this route off any untrusted network
        # and out of response logging.
        - path: /projects/{projectId}/serviceAccounts/{serviceAccountEmail}/keys
          name: createserviceaccountkey
          operations:
            - method: POST
              name: createserviceaccountkey
              description: Google Cloud IAM Create a service account key
              call: google-cloud-iam.createserviceaccountkey
              with:
                projectId: rest.projectId
                serviceAccountEmail: rest.serviceAccountEmail
              outputParameters:
                - type: object
                  mapping: $.
        - path: /roles
          name: listroles
          operations:
            - method: GET
              name: listroles
              description: Google Cloud IAM List roles
              call: google-cloud-iam.listroles
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/roles
          name: listprojectroles
          operations:
            - method: GET
              name: listprojectroles
              description: Google Cloud IAM List project roles
              call: google-cloud-iam.listprojectroles
              with:
                projectId: rest.projectId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /projects/{projectId}/roles
          name: createprojectrole
          operations:
            - method: POST
              name: createprojectrole
              description: Google Cloud IAM Create a custom role
              call: google-cloud-iam.createprojectrole
              with:
                projectId: rest.projectId
              outputParameters:
                - type: object
                  mapping: $.
        - path: /permissions:queryTestablePermissions
          name: querytestablepermissions
          operations:
            - method: POST
              name: querytestablepermissions
              description: Google Cloud IAM Query testable permissions
              call: google-cloud-iam.querytestablepermissions
              outputParameters:
                - type: object
                  mapping: $.
    # MCP adapter for AI agents. As with the REST adapter, no inbound
    # authentication is declared here and all tools share the one upstream
    # token. The `hints` on each tool are declared metadata; nothing in this
    # file shows them being enforced, so gate the mutating tools (create,
    # patch, delete, key creation, custom-role creation) with an approval
    # step or a separately scoped token. projectId and serviceAccountEmail
    # are supplied by the agent and placed in the upstream path, so the
    # token's own IAM scope is the effective boundary on what an agent can
    # touch.
    - type: mcp
      port: 9090
      namespace: google-cloud-iam-mcp
      transport: http
      description: MCP adapter for Google Cloud IAM API for AI agent use.
      tools:
        - name: listserviceaccounts
          description: Google Cloud IAM List service accounts
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: google-cloud-iam.listserviceaccounts
          with:
            projectId: tools.projectId
            pageSize: tools.pageSize
            pageToken: tools.pageToken
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
            - name: pageSize
              type: integer
              description: pageSize
            - name: pageToken
              type: string
              description: pageToken
          outputParameters:
            - type: object
              mapping: $.
        - name: createserviceaccount
          description: Google Cloud IAM Create a service account
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: google-cloud-iam.createserviceaccount
          with:
            projectId: tools.projectId
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: getserviceaccount
          description: Google Cloud IAM Get a service account
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: google-cloud-iam.getserviceaccount
          with:
            projectId: tools.projectId
            serviceAccountEmail: tools.serviceAccountEmail
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
            - name: serviceAccountEmail
              type: string
              description: serviceAccountEmail
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: patchserviceaccount
          description: Google Cloud IAM Update a service account
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: google-cloud-iam.patchserviceaccount
          with:
            projectId: tools.projectId
            serviceAccountEmail: tools.serviceAccountEmail
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
            - name: serviceAccountEmail
              type: string
              description: serviceAccountEmail
              required: true
          outputParameters:
            - type: object
              mapping: $.
        # The only tool in this adapter that is marked destructive.
        - name: deleteserviceaccount
          description: Google Cloud IAM Delete a service account
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: google-cloud-iam.deleteserviceaccount
          with:
            projectId: tools.projectId
            serviceAccountEmail: tools.serviceAccountEmail
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
            - name: serviceAccountEmail
              type: string
              description: serviceAccountEmail
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: listserviceaccountkeys
          description: Google Cloud IAM List service account keys
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: google-cloud-iam.listserviceaccountkeys
          with:
            projectId: tools.projectId
            serviceAccountEmail: tools.serviceAccountEmail
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
            - name: serviceAccountEmail
              type: string
              description: serviceAccountEmail
              required: true
          outputParameters:
            - type: object
              mapping: $.
        # Mints a long-lived credential, and the unfiltered response (with
        # the private key material) is handed back into the agent's context.
        # The hints below do not convey that sensitivity; consider not
        # exposing this tool to agents, or filtering the key material out of
        # the mapped output.
        - name: createserviceaccountkey
          description: Google Cloud IAM Create a service account key
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: google-cloud-iam.createserviceaccountkey
          with:
            projectId: tools.projectId
            serviceAccountEmail: tools.serviceAccountEmail
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
            - name: serviceAccountEmail
              type: string
              description: serviceAccountEmail
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: listroles
          description: Google Cloud IAM List roles
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: google-cloud-iam.listroles
          with:
            pageSize: tools.pageSize
            pageToken: tools.pageToken
          inputParameters:
            - name: pageSize
              type: integer
              description: pageSize
            - name: pageToken
              type: string
              description: pageToken
          outputParameters:
            - type: object
              mapping: $.
        - name: listprojectroles
          description: Google Cloud IAM List project roles
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: google-cloud-iam.listprojectroles
          with:
            projectId: tools.projectId
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
          outputParameters:
            - type: object
              mapping: $.
        - name: createprojectrole
          description: Google Cloud IAM Create a custom role
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: google-cloud-iam.createprojectrole
          with:
            projectId: tools.projectId
          inputParameters:
            - name: projectId
              type: string
              description: projectId
              required: true
          outputParameters:
            - type: object
              mapping: $.
        # Sent as a POST upstream and declared readOnly: false; the hint is
        # left as the author set it.
        - name: querytestablepermissions
          description: Google Cloud IAM Query testable permissions
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: google-cloud-iam.querytestablepermissions
          outputParameters:
            - type: object
              mapping: $.
# Supplies the bearer token from the process environment, so the credential
# itself is not stored in this file. Token lifetime and rotation are not
# described here and have to be handled by whatever sets the variable.
binds:
  - namespace: env
    keys:
      GOOGLE_CLOUD_IAM_TOKEN: GOOGLE_CLOUD_IAM_TOKEN