p71924506
/
aosp12
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
aosp12/external/python/google-api-python-client/docs/dyn/securitycenter_v1beta1.orga...

1005 lines
42 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<html><body>
<style>
body, h1, h2, h3, div, span, p, pre, a {
margin: 0;
padding: 0;
border: 0;
font-weight: inherit;
font-style: inherit;
font-size: 100%;
font-family: inherit;
vertical-align: baseline;
}
body {
font-size: 13px;
padding: 1em;
}
h1 {
font-size: 26px;
margin-bottom: 1em;
}
h2 {
font-size: 24px;
margin-bottom: 1em;
}
h3 {
font-size: 20px;
margin-bottom: 1em;
margin-top: 1em;
}
pre, code {
line-height: 1.5;
font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}
pre {
margin-top: 0.5em;
}
h1, h2, h3, p {
font-family: Arial, sans serif;
}
h1, h2, h3 {
border-bottom: solid #CCC 1px;
}
.toc_element {
margin-top: 0.5em;
}
.firstline {
margin-left: 2 em;
}
.method {
margin-top: 1em;
border: solid 1px #CCC;
padding: 1em;
background: #EEE;
}
.details {
font-weight: bold;
font-size: 14px;
}
</style>
<h1><a href="securitycenter_v1beta1.html">Cloud Security Command Center API</a> . <a href="securitycenter_v1beta1.organizations.html">organizations</a> . <a href="securitycenter_v1beta1.organizations.sources.html">sources</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="securitycenter_v1beta1.organizations.sources.findings.html">findings()</a></code>
</p>
<p class="firstline">Returns the findings Resource.</p>
<p class="toc_element">
<code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a source.</p>
<p class="toc_element">
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a source.</p>
<p class="toc_element">
<code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy on the specified Source.</p>
<p class="toc_element">
<code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
<p class="firstline">Lists all sources belonging to an organization.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
<code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates a source.</p>
<p class="toc_element">
<code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified Source.</p>
<p class="toc_element">
<code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the permissions that a caller has on the specified source.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="create">create(parent, body, x__xgafv=None)</code>
<pre>Creates a source.
Args:
parent: string, Resource name of the new source's parent. Its format should be
"organizations/[organization_id]". (required)
body: object, The request body. (required)
The object takes the form of:
{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
# is an entity or a mechanism that can produce a finding. A source is like a
# container of findings that come from the same scanner, logger, monitor, etc.
"displayName": "A String", # The sources display name.
# A sources display name must be unique amongst its siblings, for example,
# two sources with the same parent can't share the same display name.
# The display name must have a length between 1 and 64 characters
# (inclusive).
"name": "A String", # The relative resource name of this source. See:
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
# Example:
# "organizations/123/sources/456"
"description": "A String", # The description of the source (max of 1024 characters).
# Example:
# "Cloud Security Scanner is a web security scanner for common
# vulnerabilities in App Engine applications. It can automatically
# scan and detect four common vulnerabilities, including cross-site-scripting
# (XSS), Flash injection, mixed content (HTTP in HTTPS), and
# outdated/insecure libraries."
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
# is an entity or a mechanism that can produce a finding. A source is like a
# container of findings that come from the same scanner, logger, monitor, etc.
"displayName": "A String", # The sources display name.
# A sources display name must be unique amongst its siblings, for example,
# two sources with the same parent can't share the same display name.
# The display name must have a length between 1 and 64 characters
# (inclusive).
"name": "A String", # The relative resource name of this source. See:
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
# Example:
# "organizations/123/sources/456"
"description": "A String", # The description of the source (max of 1024 characters).
# Example:
# "Cloud Security Scanner is a web security scanner for common
# vulnerabilities in App Engine applications. It can automatically
# scan and detect four common vulnerabilities, including cross-site-scripting
# (XSS), Flash injection, mixed content (HTTP in HTTPS), and
# outdated/insecure libraries."
}</pre>
</div>
<div class="method">
<code class="details" id="get">get(name, x__xgafv=None)</code>
<pre>Gets a source.
Args:
name: string, Relative resource name of the source. Its format is
"organizations/[organization_id]/source/[source_id]". (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
# is an entity or a mechanism that can produce a finding. A source is like a
# container of findings that come from the same scanner, logger, monitor, etc.
"displayName": "A String", # The sources display name.
# A sources display name must be unique amongst its siblings, for example,
# two sources with the same parent can't share the same display name.
# The display name must have a length between 1 and 64 characters
# (inclusive).
"name": "A String", # The relative resource name of this source. See:
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
# Example:
# "organizations/123/sources/456"
"description": "A String", # The description of the source (max of 1024 characters).
# Example:
# "Cloud Security Scanner is a web security scanner for common
# vulnerabilities in App Engine applications. It can automatically
# scan and detect four common vulnerabilities, including cross-site-scripting
# (XSS), Flash injection, mixed content (HTTP in HTTPS), and
# outdated/insecure libraries."
}</pre>
</div>
<div class="method">
<code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
<pre>Gets the access control policy on the specified Source.
Args:
resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for `GetIamPolicy` method.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Defines an Identity and Access Management (IAM) policy. It is used to
# specify access control policies for Cloud Platform resources.
#
#
# A `Policy` consists of a list of `bindings`. A `binding` binds a list of
# `members` to a `role`, where the members can be user accounts, Google groups,
# Google domains, and service accounts. A `role` is a named list of permissions
# defined by IAM.
#
# **JSON Example**
#
# {
# "bindings": [
# {
# "role": "roles/owner",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
# "serviceAccount:my-other-app@appspot.gserviceaccount.com"
# ]
# },
# {
# "role": "roles/viewer",
# "members": ["user:sean@example.com"]
# }
# ]
# }
#
# **YAML Example**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
# - serviceAccount:my-other-app@appspot.gserviceaccount.com
# role: roles/owner
# - members:
# - user:sean@example.com
# role: roles/viewer
#
#
# For a description of IAM and its features, see the
# [IAM developer's guide](https://cloud.google.com/iam/docs).
"bindings": [ # Associates a list of `members` to a `role`.
# `bindings` with no members will result in an error.
{ # Associates `members` with a `role`.
"role": "A String", # Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
# * `allUsers`: A special identifier that represents anyone who is
# on the internet; with or without a Google account.
#
# * `allAuthenticatedUsers`: A special identifier that represents anyone
# who is authenticated with a Google account or a service account.
#
# * `user:{emailid}`: An email address that represents a specific Google
# account. For example, `alice@gmail.com` .
#
#
# * `serviceAccount:{emailid}`: An email address that represents a service
# account. For example, `my-other-app@appspot.gserviceaccount.com`.
#
# * `group:{emailid}`: An email address that represents a Google group.
# For example, `admins@example.com`.
#
#
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
"A String",
],
"condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
# NOTE: An unsatisfied condition will not allow user access via current
# binding. Different bindings, including their conditions, are examined
# independently.
#
# title: "User account presence"
# description: "Determines whether the request has a user account"
# expression: "size(request.user) > 0"
"location": "A String", # An optional string indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
"expression": "A String", # Textual representation of an expression in
# Common Expression Language syntax.
#
# The application context of the containing message determines which
# well-known feature set of CEL is supported.
"description": "A String", # An optional description of the expression. This is a longer text which
# describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # An optional title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
},
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
# read-modify-write cycle to perform policy updates in order to avoid race
# conditions: An `etag` is returned in the response to `getIamPolicy`, and
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
# policy is overwritten blindly.
"version": 42, # Deprecated.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
# An AuditConfig must have one or more AuditLogConfigs.
#
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditLogConfig are exempted.
#
# Example Policy with multiple AuditConfigs:
#
# {
# "audit_configs": [
# {
# "service": "allServices"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:foo@gmail.com"
# ]
# },
# {
# "log_type": "DATA_WRITE",
# },
# {
# "log_type": "ADMIN_READ",
# }
# ]
# },
# {
# "service": "fooservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# },
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
# "user:bar@gmail.com"
# ]
# }
# ]
# }
# ]
# }
#
# For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts foo@gmail.com from DATA_READ logging, and
# bar@gmail.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
#
# {
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:foo@gmail.com"
# ]
# },
# {
# "log_type": "DATA_WRITE",
# }
# ]
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
# foo@gmail.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
"A String",
],
"logType": "A String", # The log type that this config enables.
},
],
"service": "A String", # Specifies a service that will be enabled for audit logging.
# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
# `allServices` is a special value that covers all services.
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</code>
<pre>Lists all sources belonging to an organization.
Args:
parent: string, Resource name of the parent of sources to list. Its format should be
"organizations/[organization_id]". (required)
pageToken: string, The value returned by the last `ListSourcesResponse`; indicates
that this is a continuation of a prior `ListSources` call, and
that the system should return the next page of data.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
pageSize: integer, The maximum number of results to return in a single response. Default is
10, minimum is 1, maximum is 1000.
Returns:
An object of the form:
{ # Response message for listing sources.
"nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more
# results.
"sources": [ # Sources belonging to the requested parent.
{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
# is an entity or a mechanism that can produce a finding. A source is like a
# container of findings that come from the same scanner, logger, monitor, etc.
"displayName": "A String", # The sources display name.
# A sources display name must be unique amongst its siblings, for example,
# two sources with the same parent can't share the same display name.
# The display name must have a length between 1 and 64 characters
# (inclusive).
"name": "A String", # The relative resource name of this source. See:
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
# Example:
# "organizations/123/sources/456"
"description": "A String", # The description of the source (max of 1024 characters).
# Example:
# "Cloud Security Scanner is a web security scanner for common
# vulnerabilities in App Engine applications. It can automatically
# scan and detect four common vulnerabilities, including cross-site-scripting
# (XSS), Flash injection, mixed content (HTTP in HTTPS), and
# outdated/insecure libraries."
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="list_next">list_next(previous_request, previous_response)</code>
<pre>Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
</pre>
</div>
<div class="method">
<code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
<pre>Updates a source.
Args:
name: string, The relative resource name of this source. See:
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/123/sources/456" (required)
body: object, The request body. (required)
The object takes the form of:
{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
# is an entity or a mechanism that can produce a finding. A source is like a
# container of findings that come from the same scanner, logger, monitor, etc.
"displayName": "A String", # The sources display name.
# A sources display name must be unique amongst its siblings, for example,
# two sources with the same parent can't share the same display name.
# The display name must have a length between 1 and 64 characters
# (inclusive).
"name": "A String", # The relative resource name of this source. See:
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
# Example:
# "organizations/123/sources/456"
"description": "A String", # The description of the source (max of 1024 characters).
# Example:
# "Cloud Security Scanner is a web security scanner for common
# vulnerabilities in App Engine applications. It can automatically
# scan and detect four common vulnerabilities, including cross-site-scripting
# (XSS), Flash injection, mixed content (HTTP in HTTPS), and
# outdated/insecure libraries."
}
updateMask: string, The FieldMask to use when updating the source resource.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
# is an entity or a mechanism that can produce a finding. A source is like a
# container of findings that come from the same scanner, logger, monitor, etc.
"displayName": "A String", # The sources display name.
# A sources display name must be unique amongst its siblings, for example,
# two sources with the same parent can't share the same display name.
# The display name must have a length between 1 and 64 characters
# (inclusive).
"name": "A String", # The relative resource name of this source. See:
# https://cloud.google.com/apis/design/resource_names#relative_resource_name
# Example:
# "organizations/123/sources/456"
"description": "A String", # The description of the source (max of 1024 characters).
# Example:
# "Cloud Security Scanner is a web security scanner for common
# vulnerabilities in App Engine applications. It can automatically
# scan and detect four common vulnerabilities, including cross-site-scripting
# (XSS), Flash injection, mixed content (HTTP in HTTPS), and
# outdated/insecure libraries."
}</pre>
</div>
<div class="method">
<code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
<pre>Sets the access control policy on the specified Source.
Args:
resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
"policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
# the policy is limited to a few 10s of KB. An empty policy is a
# valid policy but certain Cloud Platform services (such as Projects)
# might reject them.
# specify access control policies for Cloud Platform resources.
#
#
# A `Policy` consists of a list of `bindings`. A `binding` binds a list of
# `members` to a `role`, where the members can be user accounts, Google groups,
# Google domains, and service accounts. A `role` is a named list of permissions
# defined by IAM.
#
# **JSON Example**
#
# {
# "bindings": [
# {
# "role": "roles/owner",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
# "serviceAccount:my-other-app@appspot.gserviceaccount.com"
# ]
# },
# {
# "role": "roles/viewer",
# "members": ["user:sean@example.com"]
# }
# ]
# }
#
# **YAML Example**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
# - serviceAccount:my-other-app@appspot.gserviceaccount.com
# role: roles/owner
# - members:
# - user:sean@example.com
# role: roles/viewer
#
#
# For a description of IAM and its features, see the
# [IAM developer's guide](https://cloud.google.com/iam/docs).
"bindings": [ # Associates a list of `members` to a `role`.
# `bindings` with no members will result in an error.
{ # Associates `members` with a `role`.
"role": "A String", # Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
# * `allUsers`: A special identifier that represents anyone who is
# on the internet; with or without a Google account.
#
# * `allAuthenticatedUsers`: A special identifier that represents anyone
# who is authenticated with a Google account or a service account.
#
# * `user:{emailid}`: An email address that represents a specific Google
# account. For example, `alice@gmail.com` .
#
#
# * `serviceAccount:{emailid}`: An email address that represents a service
# account. For example, `my-other-app@appspot.gserviceaccount.com`.
#
# * `group:{emailid}`: An email address that represents a Google group.
# For example, `admins@example.com`.
#
#
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
"A String",
],
"condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
# NOTE: An unsatisfied condition will not allow user access via current
# binding. Different bindings, including their conditions, are examined
# independently.
#
# title: "User account presence"
# description: "Determines whether the request has a user account"
# expression: "size(request.user) > 0"
"location": "A String", # An optional string indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
"expression": "A String", # Textual representation of an expression in
# Common Expression Language syntax.
#
# The application context of the containing message determines which
# well-known feature set of CEL is supported.
"description": "A String", # An optional description of the expression. This is a longer text which
# describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # An optional title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
},
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
# read-modify-write cycle to perform policy updates in order to avoid race
# conditions: An `etag` is returned in the response to `getIamPolicy`, and
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
# policy is overwritten blindly.
"version": 42, # Deprecated.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
# An AuditConfig must have one or more AuditLogConfigs.
#
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditLogConfig are exempted.
#
# Example Policy with multiple AuditConfigs:
#
# {
# "audit_configs": [
# {
# "service": "allServices"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:foo@gmail.com"
# ]
# },
# {
# "log_type": "DATA_WRITE",
# },
# {
# "log_type": "ADMIN_READ",
# }
# ]
# },
# {
# "service": "fooservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# },
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
# "user:bar@gmail.com"
# ]
# }
# ]
# }
# ]
# }
#
# For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts foo@gmail.com from DATA_READ logging, and
# bar@gmail.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
#
# {
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:foo@gmail.com"
# ]
# },
# {
# "log_type": "DATA_WRITE",
# }
# ]
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
# foo@gmail.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
"A String",
],
"logType": "A String", # The log type that this config enables.
},
],
"service": "A String", # Specifies a service that will be enabled for audit logging.
# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
# `allServices` is a special value that covers all services.
},
],
},
"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
# the fields in the mask will be modified. If no mask is provided, the
# following default mask is used:
# paths: "bindings, etag"
# This field is only used by Cloud IAM.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Defines an Identity and Access Management (IAM) policy. It is used to
# specify access control policies for Cloud Platform resources.
#
#
# A `Policy` consists of a list of `bindings`. A `binding` binds a list of
# `members` to a `role`, where the members can be user accounts, Google groups,
# Google domains, and service accounts. A `role` is a named list of permissions
# defined by IAM.
#
# **JSON Example**
#
# {
# "bindings": [
# {
# "role": "roles/owner",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
# "serviceAccount:my-other-app@appspot.gserviceaccount.com"
# ]
# },
# {
# "role": "roles/viewer",
# "members": ["user:sean@example.com"]
# }
# ]
# }
#
# **YAML Example**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
# - serviceAccount:my-other-app@appspot.gserviceaccount.com
# role: roles/owner
# - members:
# - user:sean@example.com
# role: roles/viewer
#
#
# For a description of IAM and its features, see the
# [IAM developer's guide](https://cloud.google.com/iam/docs).
"bindings": [ # Associates a list of `members` to a `role`.
# `bindings` with no members will result in an error.
{ # Associates `members` with a `role`.
"role": "A String", # Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
# * `allUsers`: A special identifier that represents anyone who is
# on the internet; with or without a Google account.
#
# * `allAuthenticatedUsers`: A special identifier that represents anyone
# who is authenticated with a Google account or a service account.
#
# * `user:{emailid}`: An email address that represents a specific Google
# account. For example, `alice@gmail.com` .
#
#
# * `serviceAccount:{emailid}`: An email address that represents a service
# account. For example, `my-other-app@appspot.gserviceaccount.com`.
#
# * `group:{emailid}`: An email address that represents a Google group.
# For example, `admins@example.com`.
#
#
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
"A String",
],
"condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
# NOTE: An unsatisfied condition will not allow user access via current
# binding. Different bindings, including their conditions, are examined
# independently.
#
# title: "User account presence"
# description: "Determines whether the request has a user account"
# expression: "size(request.user) > 0"
"location": "A String", # An optional string indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
"expression": "A String", # Textual representation of an expression in
# Common Expression Language syntax.
#
# The application context of the containing message determines which
# well-known feature set of CEL is supported.
"description": "A String", # An optional description of the expression. This is a longer text which
# describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # An optional title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
},
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
# read-modify-write cycle to perform policy updates in order to avoid race
# conditions: An `etag` is returned in the response to `getIamPolicy`, and
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
# policy is overwritten blindly.
"version": 42, # Deprecated.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
# An AuditConfig must have one or more AuditLogConfigs.
#
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditLogConfig are exempted.
#
# Example Policy with multiple AuditConfigs:
#
# {
# "audit_configs": [
# {
# "service": "allServices"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:foo@gmail.com"
# ]
# },
# {
# "log_type": "DATA_WRITE",
# },
# {
# "log_type": "ADMIN_READ",
# }
# ]
# },
# {
# "service": "fooservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# },
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
# "user:bar@gmail.com"
# ]
# }
# ]
# }
# ]
# }
#
# For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts foo@gmail.com from DATA_READ logging, and
# bar@gmail.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
#
# {
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:foo@gmail.com"
# ]
# },
# {
# "log_type": "DATA_WRITE",
# }
# ]
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
# foo@gmail.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
"A String",
],
"logType": "A String", # The log type that this config enables.
},
],
"service": "A String", # Specifies a service that will be enabled for audit logging.
# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
# `allServices` is a special value that covers all services.
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
<pre>Returns the permissions that a caller has on the specified source.
Args:
resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for `TestIamPermissions` method.
"permissions": [ # The set of permissions to check for the `resource`. Permissions with
# wildcards (such as '*' or 'storage.*') are not allowed. For more
# information see
# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
"A String",
],
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for `TestIamPermissions` method.
"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
# allowed.
"A String",
],
}</pre>
</div>
</body></html>
Reference in New Issue View Git Blame Copy Permalink