Clean and regen docs (#401)
diff --git a/docs/dyn/cloudresourcemanager_v1.projects.html b/docs/dyn/cloudresourcemanager_v1.projects.html
index 4c490e5..68af8f3 100644
--- a/docs/dyn/cloudresourcemanager_v1.projects.html
+++ b/docs/dyn/cloudresourcemanager_v1.projects.html
@@ -78,9 +78,6 @@
<code><a href="#clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Clears a `Policy` from a resource.</p>
<p class="toc_element">
- <code><a href="#clearOrgPolicyV1">clearOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Clears a `Policy` from a resource.</p>
-<p class="toc_element">
<code><a href="#create">create(body, x__xgafv=None)</a></code></p>
<p class="firstline">Request that a new Project be created. The result is an Operation which</p>
<p class="toc_element">
@@ -96,18 +93,12 @@
<code><a href="#getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging</p>
<p class="toc_element">
- <code><a href="#getEffectiveOrgPolicyV1">getEffectiveOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging</p>
-<p class="toc_element">
<code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the IAM access control policy for the specified Project.</p>
<p class="toc_element">
<code><a href="#getOrgPolicy">getOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a `Policy` on a resource.</p>
<p class="toc_element">
- <code><a href="#getOrgPolicyV1">getOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Gets a `Policy` on a resource.</p>
-<p class="toc_element">
<code><a href="#list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists Projects that are visible to the user and satisfy the</p>
<p class="toc_element">
@@ -132,9 +123,6 @@
<code><a href="#setOrgPolicy">setOrgPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p>
<p class="toc_element">
- <code><a href="#setOrgPolicyV1">setOrgPolicyV1(resource, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p>
-<p class="toc_element">
<code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Returns permissions that a caller has on the specified Project.</p>
<p class="toc_element">
@@ -180,41 +168,6 @@
</div>
<div class="method">
- <code class="details" id="clearOrgPolicyV1">clearOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Clears a `Policy` from a resource.
-
-Args:
- resource: string, Name of the resource for the `Policy` to clear. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the ClearOrgPolicy method.
- "etag": "A String", # The current version, for concurrency control. Not sending an `etag`
- # will cause the `Policy` to be cleared blindly.
- "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # A generic empty message that you can re-use to avoid defining duplicated
- # empty messages in your APIs. A typical example is to use it as the request
- # or the response type of an API method. For instance:
- #
- # service Foo {
- # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
- # }
- #
- # The JSON representation for `Empty` is empty JSON object `{}`.
- }</pre>
-</div>
-
-<div class="method">
<code class="details" id="create">create(body, x__xgafv=None)</code>
<pre>Request that a new Project be created. The result is an Operation which
can be used to track the creation process. It is automatically deleted
@@ -230,66 +183,66 @@
The object takes the form of:
{ # A Project is a high-level Google Cloud Platform entity. It is a
- # container for ACLs, APIs, App Engine Apps, VMs, and other
- # Google Cloud Platform resources.
- "name": "A String", # The user-assigned display name of the Project.
- # It must be 4 to 30 characters.
- # Allowed characters are: lowercase and uppercase letters, numbers,
- # hyphen, single-quote, double-quote, space, and exclamation point.
- #
- # Example: <code>My Project</code>
- # Read-write.
- "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
- #
- # The only supported parent type is "organization". Once set, the parent
- # cannot be modified. The `parent` can be set on creation or using the
- # `UpdateProject` method; the end user must have the
- # `resourcemanager.projects.create` permission on the parent.
- #
- # Read-write.
- # Cloud Platform is a generic term for something you (a developer) may want to
- # interact with through one of our API's. Some examples are an App Engine app,
- # a Compute Engine instance, a Cloud SQL database, and so on.
- "type": "A String", # Required field representing the resource type this id is for.
- # At present, the valid types are: "organization"
- "id": "A String", # Required field for the type-specific id. This should correspond to the id
- # used in the type-specific API's.
- },
- "projectId": "A String", # The unique, user-assigned ID of the Project.
- # It must be 6 to 30 lowercase letters, digits, or hyphens.
- # It must start with a letter.
- # Trailing hyphens are prohibited.
- #
- # Example: <code>tokyo-rain-123</code>
- # Read-only after creation.
- "labels": { # The labels associated with this Project.
- #
- # Label keys must be between 1 and 63 characters long and must conform
- # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
- #
- # Label values must be between 0 and 63 characters long and must conform
- # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
- #
- # No more than 256 labels can be associated with a given resource.
- #
- # Clients should store labels in a representation such as JSON that does not
- # depend on specific characters being disallowed.
- #
- # Example: <code>"environment" : "dev"</code>
- # Read-write.
- "a_key": "A String",
- },
- "projectNumber": "A String", # The number uniquely identifying the project.
- #
- # Example: <code>415104041262</code>
- # Read-only.
- "lifecycleState": "A String", # The Project lifecycle state.
- #
- # Read-only.
- "createTime": "A String", # Creation time.
- #
- # Read-only.
- }
+ # container for ACLs, APIs, App Engine Apps, VMs, and other
+ # Google Cloud Platform resources.
+ "name": "A String", # The user-assigned display name of the Project.
+ # It must be 4 to 30 characters.
+ # Allowed characters are: lowercase and uppercase letters, numbers,
+ # hyphen, single-quote, double-quote, space, and exclamation point.
+ #
+ # Example: <code>My Project</code>
+ # Read-write.
+ "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
+ #
+ # The only supported parent type is "organization". Once set, the parent
+ # cannot be modified. The `parent` can be set on creation or using the
+ # `UpdateProject` method; the end user must have the
+ # `resourcemanager.projects.create` permission on the parent.
+ #
+ # Read-write.
+ # Cloud Platform is a generic term for something you (a developer) may want to
+ # interact with through one of our API's. Some examples are an App Engine app,
+ # a Compute Engine instance, a Cloud SQL database, and so on.
+ "type": "A String", # Required field representing the resource type this id is for.
+ # At present, the valid types are: "organization"
+ "id": "A String", # Required field for the type-specific id. This should correspond to the id
+ # used in the type-specific API's.
+ },
+ "projectId": "A String", # The unique, user-assigned ID of the Project.
+ # It must be 6 to 30 lowercase letters, digits, or hyphens.
+ # It must start with a letter.
+ # Trailing hyphens are prohibited.
+ #
+ # Example: <code>tokyo-rain-123</code>
+ # Read-only after creation.
+ "labels": { # The labels associated with this Project.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
+ #
+ # No more than 256 labels can be associated with a given resource.
+ #
+ # Clients should store labels in a representation such as JSON that does not
+ # depend on specific characters being disallowed.
+ #
+ # Example: <code>"environment" : "dev"</code>
+ # Read-write.
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Creation time.
+ #
+ # Read-only.
+ "lifecycleState": "A String", # The Project lifecycle state.
+ #
+ # Read-only.
+ "projectNumber": "A String", # The number uniquely identifying the project.
+ #
+ # Example: <code>415104041262</code>
+ # Read-only.
+}
x__xgafv: string, V1 error format.
Allowed values
@@ -324,7 +277,7 @@
# error message is needed, put the localized message in the error details or
# localize it in the client. The optional error details may contain arbitrary
# information about the error. There is a predefined set of error detail types
- # in the package `google.rpc` which can be used for common error conditions.
+ # in the package `google.rpc` that can be used for common error conditions.
#
# # Language mapping
#
@@ -347,7 +300,7 @@
# errors.
#
# - Workflow errors. A typical workflow has multiple steps. Each step may
- # have a `Status` message for error reporting purpose.
+ # have a `Status` message for error reporting.
#
# - Batch operations. If a client uses batch request and batch response, the
# `Status` message should be used directly inside batch response, one for
@@ -460,66 +413,66 @@
An object of the form:
{ # A Project is a high-level Google Cloud Platform entity. It is a
- # container for ACLs, APIs, App Engine Apps, VMs, and other
- # Google Cloud Platform resources.
- "name": "A String", # The user-assigned display name of the Project.
- # It must be 4 to 30 characters.
- # Allowed characters are: lowercase and uppercase letters, numbers,
- # hyphen, single-quote, double-quote, space, and exclamation point.
- #
- # Example: <code>My Project</code>
- # Read-write.
- "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
- #
- # The only supported parent type is "organization". Once set, the parent
- # cannot be modified. The `parent` can be set on creation or using the
- # `UpdateProject` method; the end user must have the
- # `resourcemanager.projects.create` permission on the parent.
- #
- # Read-write.
- # Cloud Platform is a generic term for something you (a developer) may want to
- # interact with through one of our API's. Some examples are an App Engine app,
- # a Compute Engine instance, a Cloud SQL database, and so on.
- "type": "A String", # Required field representing the resource type this id is for.
- # At present, the valid types are: "organization"
- "id": "A String", # Required field for the type-specific id. This should correspond to the id
- # used in the type-specific API's.
- },
- "projectId": "A String", # The unique, user-assigned ID of the Project.
- # It must be 6 to 30 lowercase letters, digits, or hyphens.
- # It must start with a letter.
- # Trailing hyphens are prohibited.
- #
- # Example: <code>tokyo-rain-123</code>
- # Read-only after creation.
- "labels": { # The labels associated with this Project.
- #
- # Label keys must be between 1 and 63 characters long and must conform
- # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
- #
- # Label values must be between 0 and 63 characters long and must conform
- # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
- #
- # No more than 256 labels can be associated with a given resource.
- #
- # Clients should store labels in a representation such as JSON that does not
- # depend on specific characters being disallowed.
- #
- # Example: <code>"environment" : "dev"</code>
- # Read-write.
- "a_key": "A String",
- },
- "projectNumber": "A String", # The number uniquely identifying the project.
- #
- # Example: <code>415104041262</code>
- # Read-only.
- "lifecycleState": "A String", # The Project lifecycle state.
- #
- # Read-only.
- "createTime": "A String", # Creation time.
- #
- # Read-only.
- }</pre>
+ # container for ACLs, APIs, App Engine Apps, VMs, and other
+ # Google Cloud Platform resources.
+ "name": "A String", # The user-assigned display name of the Project.
+ # It must be 4 to 30 characters.
+ # Allowed characters are: lowercase and uppercase letters, numbers,
+ # hyphen, single-quote, double-quote, space, and exclamation point.
+ #
+ # Example: <code>My Project</code>
+ # Read-write.
+ "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
+ #
+ # The only supported parent type is "organization". Once set, the parent
+ # cannot be modified. The `parent` can be set on creation or using the
+ # `UpdateProject` method; the end user must have the
+ # `resourcemanager.projects.create` permission on the parent.
+ #
+ # Read-write.
+ # Cloud Platform is a generic term for something you (a developer) may want to
+ # interact with through one of our API's. Some examples are an App Engine app,
+ # a Compute Engine instance, a Cloud SQL database, and so on.
+ "type": "A String", # Required field representing the resource type this id is for.
+ # At present, the valid types are: "organization"
+ "id": "A String", # Required field for the type-specific id. This should correspond to the id
+ # used in the type-specific API's.
+ },
+ "projectId": "A String", # The unique, user-assigned ID of the Project.
+ # It must be 6 to 30 lowercase letters, digits, or hyphens.
+ # It must start with a letter.
+ # Trailing hyphens are prohibited.
+ #
+ # Example: <code>tokyo-rain-123</code>
+ # Read-only after creation.
+ "labels": { # The labels associated with this Project.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
+ #
+ # No more than 256 labels can be associated with a given resource.
+ #
+ # Clients should store labels in a representation such as JSON that does not
+ # depend on specific characters being disallowed.
+ #
+ # Example: <code>"environment" : "dev"</code>
+ # Read-write.
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Creation time.
+ #
+ # Read-only.
+ "lifecycleState": "A String", # The Project lifecycle state.
+ #
+ # Read-only.
+ "projectNumber": "A String", # The number uniquely identifying the project.
+ #
+ # Example: <code>415104041262</code>
+ # Read-only.
+ }</pre>
</div>
<div class="method">
@@ -597,7 +550,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -627,8 +579,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -718,231 +670,11 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="getEffectiveOrgPolicyV1">getEffectiveOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Gets the effective `Policy` on a resource. This is the result of merging
-`Policies` in the resource hierarchy. The returned `Policy` will not have
-an `etag`set because it is a computed `Policy` across multiple resources.
-
-Args:
- resource: string, The name of the resource to start computing the effective `Policy`. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the GetEffectiveOrgPolicy method.
- "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
"deniedValues": [ # List of values denied at this resource. Can only be set if no values are
# set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
},
"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
@@ -990,6 +722,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -1061,52 +794,89 @@
#
# For a description of IAM and its features, see the
# [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`.
+ # Multiple `bindings` must not be specified for the same `role`.
+ # `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ # Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@gmail.com` or `joe@example.com`.
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ #
+ # * `domain:{domain}`: A Google Apps domain name that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ },
+ ],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
- # An AuditConifg must have one or more AuditLogConfigs.
+ # An AuditConfig must have one or more AuditLogConfigs.
#
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditConfig are exempted.
+ #
# Example Policy with multiple AuditConfigs:
- # {
- # "audit_configs": [
+ #
# {
- # "service": "allServices"
- # "audit_log_configs": [
+ # "audit_configs": [
# {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:foo@gmail.com"
+ # "service": "allServices"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:foo@gmail.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # },
+ # {
+ # "log_type": "ADMIN_READ",
+ # }
# ]
# },
# {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "fooservice@googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:bar@gmail.com"
+ # "service": "fooservice.googleapis.com"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:bar@gmail.com"
+ # ]
+ # }
# ]
# }
# ]
# }
- # ]
- # }
+ #
# For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts foo@gmail.com from DATA_READ logging, and
# bar@gmail.com from DATA_WRITE logging.
@@ -1154,39 +924,6 @@
#
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
# policy is overwritten blindly.
- "bindings": [ # Associates a list of `members` to a `role`.
- # Multiple `bindings` must not be specified for the same `role`.
- # `bindings` with no members will result in an error.
- { # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- # Required
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` or `joe@example.com`.
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- # * `domain:{domain}`: A Google Apps domain name that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- },
- ],
"version": 42, # Version of the `Policy`. The default version is 0.
}</pre>
</div>
@@ -1223,7 +960,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -1253,8 +989,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -1344,234 +1080,11 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="getOrgPolicyV1">getOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Gets a `Policy` on a resource.
-
-If no `Policy` is set on the resource, a `Policy` is returned with default
-values including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The
-`etag` value can be used with `SetOrgPolicy()` to create or update a
-`Policy` during read-modify-write.
-
-Args:
- resource: string, Name of the resource the `Policy` is set on. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the GetOrgPolicy method.
- "constraint": "A String", # Name of the `Constraint` to get the `Policy`.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
"deniedValues": [ # List of values denied at this resource. Can only be set if no values are
# set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
},
"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
@@ -1619,6 +1132,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -1660,7 +1174,7 @@
|Filter|Description|
|------|-----------|
-|name:*|The project has a name.|
+|name:how*|The project's name starts with "how".|
|name:Howl|The project's name is `Howl` or `howl`.|
|name:HOWL|Equivalent to above.|
|NAME:howl|Equivalent to above.|
@@ -1703,66 +1217,66 @@
"projects": [ # The list of Projects that matched the list filter. This list can
# be paginated.
{ # A Project is a high-level Google Cloud Platform entity. It is a
- # container for ACLs, APIs, App Engine Apps, VMs, and other
- # Google Cloud Platform resources.
- "name": "A String", # The user-assigned display name of the Project.
- # It must be 4 to 30 characters.
- # Allowed characters are: lowercase and uppercase letters, numbers,
- # hyphen, single-quote, double-quote, space, and exclamation point.
- #
- # Example: <code>My Project</code>
- # Read-write.
- "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
- #
- # The only supported parent type is "organization". Once set, the parent
- # cannot be modified. The `parent` can be set on creation or using the
- # `UpdateProject` method; the end user must have the
- # `resourcemanager.projects.create` permission on the parent.
- #
- # Read-write.
- # Cloud Platform is a generic term for something you (a developer) may want to
- # interact with through one of our API's. Some examples are an App Engine app,
- # a Compute Engine instance, a Cloud SQL database, and so on.
- "type": "A String", # Required field representing the resource type this id is for.
- # At present, the valid types are: "organization"
- "id": "A String", # Required field for the type-specific id. This should correspond to the id
- # used in the type-specific API's.
- },
- "projectId": "A String", # The unique, user-assigned ID of the Project.
- # It must be 6 to 30 lowercase letters, digits, or hyphens.
- # It must start with a letter.
- # Trailing hyphens are prohibited.
- #
- # Example: <code>tokyo-rain-123</code>
- # Read-only after creation.
- "labels": { # The labels associated with this Project.
- #
- # Label keys must be between 1 and 63 characters long and must conform
- # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
- #
- # Label values must be between 0 and 63 characters long and must conform
- # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
- #
- # No more than 256 labels can be associated with a given resource.
- #
- # Clients should store labels in a representation such as JSON that does not
- # depend on specific characters being disallowed.
- #
- # Example: <code>"environment" : "dev"</code>
- # Read-write.
- "a_key": "A String",
- },
- "projectNumber": "A String", # The number uniquely identifying the project.
- #
- # Example: <code>415104041262</code>
- # Read-only.
- "lifecycleState": "A String", # The Project lifecycle state.
- #
- # Read-only.
- "createTime": "A String", # Creation time.
- #
- # Read-only.
+ # container for ACLs, APIs, App Engine Apps, VMs, and other
+ # Google Cloud Platform resources.
+ "name": "A String", # The user-assigned display name of the Project.
+ # It must be 4 to 30 characters.
+ # Allowed characters are: lowercase and uppercase letters, numbers,
+ # hyphen, single-quote, double-quote, space, and exclamation point.
+ #
+ # Example: <code>My Project</code>
+ # Read-write.
+ "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
+ #
+ # The only supported parent type is "organization". Once set, the parent
+ # cannot be modified. The `parent` can be set on creation or using the
+ # `UpdateProject` method; the end user must have the
+ # `resourcemanager.projects.create` permission on the parent.
+ #
+ # Read-write.
+ # Cloud Platform is a generic term for something you (a developer) may want to
+ # interact with through one of our API's. Some examples are an App Engine app,
+ # a Compute Engine instance, a Cloud SQL database, and so on.
+ "type": "A String", # Required field representing the resource type this id is for.
+ # At present, the valid types are: "organization"
+ "id": "A String", # Required field for the type-specific id. This should correspond to the id
+ # used in the type-specific API's.
},
+ "projectId": "A String", # The unique, user-assigned ID of the Project.
+ # It must be 6 to 30 lowercase letters, digits, or hyphens.
+ # It must start with a letter.
+ # Trailing hyphens are prohibited.
+ #
+ # Example: <code>tokyo-rain-123</code>
+ # Read-only after creation.
+ "labels": { # The labels associated with this Project.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
+ #
+ # No more than 256 labels can be associated with a given resource.
+ #
+ # Clients should store labels in a representation such as JSON that does not
+ # depend on specific characters being disallowed.
+ #
+ # Example: <code>"environment" : "dev"</code>
+ # Read-write.
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Creation time.
+ #
+ # Read-only.
+ "lifecycleState": "A String", # The Project lifecycle state.
+ #
+ # Read-only.
+ "projectNumber": "A String", # The number uniquely identifying the project.
+ #
+ # Example: <code>415104041262</code>
+ # Read-only.
+ },
],
}</pre>
</div>
@@ -1891,7 +1405,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -1921,8 +1434,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -2012,8 +1525,8 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
+ "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
+ # set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -2064,6 +1577,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -2194,52 +1708,89 @@
#
# For a description of IAM and its features, see the
# [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`.
+ # Multiple `bindings` must not be specified for the same `role`.
+ # `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ # Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@gmail.com` or `joe@example.com`.
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ #
+ # * `domain:{domain}`: A Google Apps domain name that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ },
+ ],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
- # An AuditConifg must have one or more AuditLogConfigs.
+ # An AuditConfig must have one or more AuditLogConfigs.
#
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditConfig are exempted.
+ #
# Example Policy with multiple AuditConfigs:
- # {
- # "audit_configs": [
+ #
# {
- # "service": "allServices"
- # "audit_log_configs": [
+ # "audit_configs": [
# {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:foo@gmail.com"
+ # "service": "allServices"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:foo@gmail.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # },
+ # {
+ # "log_type": "ADMIN_READ",
+ # }
# ]
# },
# {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "fooservice@googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:bar@gmail.com"
+ # "service": "fooservice.googleapis.com"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:bar@gmail.com"
+ # ]
+ # }
# ]
# }
# ]
# }
- # ]
- # }
+ #
# For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts foo@gmail.com from DATA_READ logging, and
# bar@gmail.com from DATA_WRITE logging.
@@ -2287,39 +1838,6 @@
#
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
# policy is overwritten blindly.
- "bindings": [ # Associates a list of `members` to a `role`.
- # Multiple `bindings` must not be specified for the same `role`.
- # `bindings` with no members will result in an error.
- { # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- # Required
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` or `joe@example.com`.
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- # * `domain:{domain}`: A Google Apps domain name that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- },
- ],
"version": 42, # Version of the `Policy`. The default version is 0.
},
"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
@@ -2368,52 +1886,89 @@
#
# For a description of IAM and its features, see the
# [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`.
+ # Multiple `bindings` must not be specified for the same `role`.
+ # `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ # Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@gmail.com` or `joe@example.com`.
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ #
+ # * `domain:{domain}`: A Google Apps domain name that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ },
+ ],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
- # An AuditConifg must have one or more AuditLogConfigs.
+ # An AuditConfig must have one or more AuditLogConfigs.
#
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditConfig are exempted.
+ #
# Example Policy with multiple AuditConfigs:
- # {
- # "audit_configs": [
+ #
# {
- # "service": "allServices"
- # "audit_log_configs": [
+ # "audit_configs": [
# {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:foo@gmail.com"
+ # "service": "allServices"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:foo@gmail.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # },
+ # {
+ # "log_type": "ADMIN_READ",
+ # }
# ]
# },
# {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "fooservice@googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:bar@gmail.com"
+ # "service": "fooservice.googleapis.com"
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:bar@gmail.com"
+ # ]
+ # }
# ]
# }
# ]
# }
- # ]
- # }
+ #
# For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts foo@gmail.com from DATA_READ logging, and
# bar@gmail.com from DATA_WRITE logging.
@@ -2461,39 +2016,6 @@
#
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
# policy is overwritten blindly.
- "bindings": [ # Associates a list of `members` to a `role`.
- # Multiple `bindings` must not be specified for the same `role`.
- # `bindings` with no members will result in an error.
- { # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- # Required
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` or `joe@example.com`.
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- # * `domain:{domain}`: A Google Apps domain name that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- },
- ],
"version": 42, # Version of the `Policy`. The default version is 0.
}</pre>
</div>
@@ -2518,7 +2040,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -2548,8 +2069,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -2639,427 +2160,11 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- },
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
- },
- "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
- # resource.
- "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
- # configuration is acceptable.
- #
- # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess`
- # with `constraint_default` set to `ALLOW`. A `Policy` for that
- # `Constraint` exhibits the following behavior:
- # - If the `Policy` at this resource has enforced set to `false`, serial
- # port connection attempts will be allowed.
- # - If the `Policy` at this resource has enforced set to `true`, serial
- # port connection attempts will be refused.
- # - If the `Policy` at this resource is `RestoreDefault`, serial port
- # connection attempts will be allowed.
- # - If no `Policy` is set at this resource or anywhere higher in the
- # resource hierarchy, serial port connection attempts will be allowed.
- # - If no `Policy` is set at this resource, but one exists higher in the
- # resource hierarchy, the behavior is as if the`Policy` were set at
- # this resource.
- #
- # The following examples demonstrate the different possible layerings:
- #
- # Example 1 (nearest `Constraint` wins):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has no `Policy` set.
- # The constraint at `projects/bar` and `organizations/foo` will not be
- # enforced.
- #
- # Example 2 (enforcement gets replaced):
- # `organizations/foo` has a `Policy` with:
- # {enforced: false}
- # `projects/bar` has a `Policy` with:
- # {enforced: true}
- # The constraint at `organizations/foo` is not enforced.
- # The constraint at `projects/bar` is enforced.
- #
- # Example 3 (RestoreDefault):
- # `organizations/foo` has a `Policy` with:
- # {enforced: true}
- # `projects/bar` has a `Policy` with:
- # {RestoreDefault: {}}
- # The constraint at `organizations/foo` is enforced.
- # The constraint at `projects/bar` is not enforced, because
- # `constraint_default` for the `Constraint` is `ALLOW`.
- },
- "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
- # concurrency control.
- #
- # When the `Policy` is returned from either a `GetPolicy` or a
- # `ListOrgPolicy` request, this `etag` indicates the version of the current
- # `Policy` to use when executing a read-modify-write loop.
- #
- # When the `Policy` is returned from a `GetEffectivePolicy` request, the
- # `etag` will be unset.
- #
- # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
- # that was returned from a `GetOrgPolicy` request as part of a
- # read-modify-write loop for concurrency control. Not setting the `etag`in a
- # `SetOrgPolicy` request will result in an unconditional write of the
- # `Policy`.
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="setOrgPolicyV1">setOrgPolicyV1(resource, body, x__xgafv=None)</code>
- <pre>Updates the specified `Policy` on the resource. Creates a new `Policy` for
-that `Constraint` on the resource if one does not exist.
-
-Not supplying an `etag` on the request `Policy` results in an unconditional
-write of the `Policy`.
-
-Args:
- resource: string, Resource name of the resource to attach the `Policy`. (required)
- body: object, The request body. (required)
- The object takes the form of:
-
-{ # The request sent to the SetOrgPolicyRequest method.
- "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource.
- # for configurations of Cloud Platform resources.
- "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the
- # server, not specified by the caller, and represents the last time a call to
- # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
- # be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
- "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
- # `constraints/serviceuser.services`.
- #
- # Immutable after creation.
- "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
- # `Constraint` type.
- # `constraint_default` enforcement behavior of the specific `Constraint` at
- # this resource.
- #
- # Suppose that `constraint_default` is set to `ALLOW` for the
- # `Constraint` `constraints/serviceuser.services`. Suppose that organization
- # foo.com sets a `Policy` at their Organization resource node that restricts
- # the allowed service activations to deny all service activations. They
- # could then set a `Policy` with the `policy_type` `restore_default` on
- # several experimental projects, restoring the `constraint_default`
- # enforcement of the `Constraint` for only those projects, allowing those
- # projects to have all services activated.
- },
- "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
- # resource.
- #
- # A `ListPolicy` can define specific values that are allowed or denied by
- # setting either the `allowed_values` or `denied_values` fields. It can also
- # be used to allow or deny all values, by setting the `all_values` field. If
- # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values`
- # or `denied_values` must be set (attempting to set both or neither will
- # result in a failed request). If `all_values` is set to either `ALLOW` or
- # `DENY`, `allowed_values` and `denied_values` must be unset.
- "allValues": "A String", # The policy all_values state.
"deniedValues": [ # List of values denied at this resource. Can only be set if no values are
# set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
- "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`.
- #
- # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
- # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
- # set to `true`, then the values from the effective `Policy` of the parent
- # resource are inherited, meaning the values set in this `Policy` are
- # added to the values inherited up the hierarchy.
- #
- # Setting `Policy` hierarchies that inherit both allowed values and denied
- # values isn't recommended in most circumstances to keep the configuration
- # simple and understandable. However, it is possible to set a `Policy` with
- # `allowed_values` set that inherits a `Policy` with `denied_values` set.
- # In this case, the values that are allowed must be in `allowed_values` and
- # not present in `denied_values`.
- #
- # For example, suppose you have a `Constraint`
- # `constraints/serviceuser.services`, which has a `constraint_type` of
- # `list_constraint`, and with `constraint_default` set to `ALLOW`.
- # Suppose that at the Organization level, a `Policy` is applied that
- # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
- # `Policy` is applied to a project below the Organization that has
- # `inherit_from_parent` set to `false` and field all_values set to DENY,
- # then an attempt to activate any API will be denied.
- #
- # The following examples demonstrate different possible layerings:
- #
- # Example 1 (no inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # ``projects/bar`` has `inherit_from_parent` `false` and values:
- # {allowed_values: "E3" allowed_values: "E4"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E3`, and `E4`.
- #
- # Example 2 (inherited values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {value: “E3” value: ”E4” inherit_from_parent: true}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
- #
- # Example 3 (inheriting both allowed and denied values):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: "E1" allowed_values: "E2"}
- # `projects/bar` has a `Policy` with:
- # {denied_values: "E1"}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The value accepted at `projects/bar` is `E2`.
- #
- # Example 4 (RestoreDefault):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values:”E2”}
- # `projects/bar` has a `Policy` with values:
- # {RestoreDefault: {}}
- # The accepted values at `organizations/foo` are `E1`, `E2`.
- # The accepted values at `projects/bar` are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 5 (no policy inherits parent policy):
- # `organizations/foo` has no `Policy` set.
- # `projects/bar` has no `Policy` set.
- # The accepted values at both levels are either all or none depending on
- # the value of `constraint_default` (if `ALLOW`, all; if
- # `DENY`, none).
- #
- # Example 6 (ListConstraint allowing all):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: ALLOW}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # Any value is accepted at `projects/bar`.
- #
- # Example 7 (ListConstraint allowing none):
- # `organizations/foo` has a `Policy` with values:
- # {allowed_values: “E1” allowed_values: ”E2”}
- # `projects/bar` has a `Policy` with:
- # {all: DENY}
- # The accepted values at `organizations/foo` are `E1`, E2`.
- # No value is accepted at `projects/bar`.
- "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration
- # that matches the value specified in this `Policy`. If `suggested_value`
- # is not set, it will inherit the value specified higher in the hierarchy,
- # unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
- # `ALL_VALUES_UNSPECIFIED`.
- "A String",
- ],
},
"booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
# resource.
@@ -3107,6 +2212,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -3139,7 +2245,6 @@
# server, not specified by the caller, and represents the last time a call to
# `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
# be ignored.
- "version": 42, # Version of the `Policy`. Default version is 0;
"constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example,
# `constraints/serviceuser.services`.
#
@@ -3169,8 +2274,8 @@
# result in a failed request). If `all_values` is set to either `ALLOW` or
# `DENY`, `allowed_values` and `denied_values` must be unset.
"allValues": "A String", # The policy all_values state.
- "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
- # set for `allowed_values` and `all_values` is set to
+ "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
+ # set for `denied_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -3260,8 +2365,8 @@
# that matches the value specified in this `Policy`. If `suggested_value`
# is not set, it will inherit the value specified higher in the hierarchy,
# unless `inherit_from_parent` is `false`.
- "allowedValues": [ # List of values allowed at this resource. an only be set if no values are
- # set for `denied_values` and `all_values` is set to
+ "deniedValues": [ # List of values denied at this resource. Can only be set if no values are
+ # set for `allowed_values` and `all_values` is set to
# `ALL_VALUES_UNSPECIFIED`.
"A String",
],
@@ -3312,6 +2417,7 @@
# The constraint at `projects/bar` is not enforced, because
# `constraint_default` for the `Constraint` is `ALLOW`.
},
+ "version": 42, # Version of the `Policy`. Default version is 0;
"etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for
# concurrency control.
#
@@ -3421,22 +2527,92 @@
The object takes the form of:
{ # A Project is a high-level Google Cloud Platform entity. It is a
+ # container for ACLs, APIs, App Engine Apps, VMs, and other
+ # Google Cloud Platform resources.
+ "name": "A String", # The user-assigned display name of the Project.
+ # It must be 4 to 30 characters.
+ # Allowed characters are: lowercase and uppercase letters, numbers,
+ # hyphen, single-quote, double-quote, space, and exclamation point.
+ #
+ # Example: <code>My Project</code>
+ # Read-write.
+ "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
+ #
+ # The only supported parent type is "organization". Once set, the parent
+ # cannot be modified. The `parent` can be set on creation or using the
+ # `UpdateProject` method; the end user must have the
+ # `resourcemanager.projects.create` permission on the parent.
+ #
+ # Read-write.
+ # Cloud Platform is a generic term for something you (a developer) may want to
+ # interact with through one of our API's. Some examples are an App Engine app,
+ # a Compute Engine instance, a Cloud SQL database, and so on.
+ "type": "A String", # Required field representing the resource type this id is for.
+ # At present, the valid types are: "organization"
+ "id": "A String", # Required field for the type-specific id. This should correspond to the id
+ # used in the type-specific API's.
+ },
+ "projectId": "A String", # The unique, user-assigned ID of the Project.
+ # It must be 6 to 30 lowercase letters, digits, or hyphens.
+ # It must start with a letter.
+ # Trailing hyphens are prohibited.
+ #
+ # Example: <code>tokyo-rain-123</code>
+ # Read-only after creation.
+ "labels": { # The labels associated with this Project.
+ #
+ # Label keys must be between 1 and 63 characters long and must conform
+ # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
+ #
+ # Label values must be between 0 and 63 characters long and must conform
+ # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
+ #
+ # No more than 256 labels can be associated with a given resource.
+ #
+ # Clients should store labels in a representation such as JSON that does not
+ # depend on specific characters being disallowed.
+ #
+ # Example: <code>"environment" : "dev"</code>
+ # Read-write.
+ "a_key": "A String",
+ },
+ "createTime": "A String", # Creation time.
+ #
+ # Read-only.
+ "lifecycleState": "A String", # The Project lifecycle state.
+ #
+ # Read-only.
+ "projectNumber": "A String", # The number uniquely identifying the project.
+ #
+ # Example: <code>415104041262</code>
+ # Read-only.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A Project is a high-level Google Cloud Platform entity. It is a
# container for ACLs, APIs, App Engine Apps, VMs, and other
# Google Cloud Platform resources.
"name": "A String", # The user-assigned display name of the Project.
# It must be 4 to 30 characters.
# Allowed characters are: lowercase and uppercase letters, numbers,
# hyphen, single-quote, double-quote, space, and exclamation point.
- #
+ #
# Example: <code>My Project</code>
# Read-write.
"parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
- #
+ #
# The only supported parent type is "organization". Once set, the parent
# cannot be modified. The `parent` can be set on creation or using the
# `UpdateProject` method; the end user must have the
# `resourcemanager.projects.create` permission on the parent.
- #
+ #
# Read-write.
# Cloud Platform is a generic term for something you (a developer) may want to
# interact with through one of our API's. Some examples are an App Engine app,
@@ -3450,107 +2626,37 @@
# It must be 6 to 30 lowercase letters, digits, or hyphens.
# It must start with a letter.
# Trailing hyphens are prohibited.
- #
+ #
# Example: <code>tokyo-rain-123</code>
# Read-only after creation.
"labels": { # The labels associated with this Project.
- #
+ #
# Label keys must be between 1 and 63 characters long and must conform
# to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
- #
+ #
# Label values must be between 0 and 63 characters long and must conform
# to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
- #
+ #
# No more than 256 labels can be associated with a given resource.
- #
+ #
# Clients should store labels in a representation such as JSON that does not
# depend on specific characters being disallowed.
- #
+ #
# Example: <code>"environment" : "dev"</code>
# Read-write.
"a_key": "A String",
},
- "projectNumber": "A String", # The number uniquely identifying the project.
- #
- # Example: <code>415104041262</code>
+ "createTime": "A String", # Creation time.
+ #
# Read-only.
"lifecycleState": "A String", # The Project lifecycle state.
- #
+ #
# Read-only.
- "createTime": "A String", # Creation time.
- #
+ "projectNumber": "A String", # The number uniquely identifying the project.
+ #
+ # Example: <code>415104041262</code>
# Read-only.
- }
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # A Project is a high-level Google Cloud Platform entity. It is a
- # container for ACLs, APIs, App Engine Apps, VMs, and other
- # Google Cloud Platform resources.
- "name": "A String", # The user-assigned display name of the Project.
- # It must be 4 to 30 characters.
- # Allowed characters are: lowercase and uppercase letters, numbers,
- # hyphen, single-quote, double-quote, space, and exclamation point.
- #
- # Example: <code>My Project</code>
- # Read-write.
- "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
- #
- # The only supported parent type is "organization". Once set, the parent
- # cannot be modified. The `parent` can be set on creation or using the
- # `UpdateProject` method; the end user must have the
- # `resourcemanager.projects.create` permission on the parent.
- #
- # Read-write.
- # Cloud Platform is a generic term for something you (a developer) may want to
- # interact with through one of our API's. Some examples are an App Engine app,
- # a Compute Engine instance, a Cloud SQL database, and so on.
- "type": "A String", # Required field representing the resource type this id is for.
- # At present, the valid types are: "organization"
- "id": "A String", # Required field for the type-specific id. This should correspond to the id
- # used in the type-specific API's.
- },
- "projectId": "A String", # The unique, user-assigned ID of the Project.
- # It must be 6 to 30 lowercase letters, digits, or hyphens.
- # It must start with a letter.
- # Trailing hyphens are prohibited.
- #
- # Example: <code>tokyo-rain-123</code>
- # Read-only after creation.
- "labels": { # The labels associated with this Project.
- #
- # Label keys must be between 1 and 63 characters long and must conform
- # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
- #
- # Label values must be between 0 and 63 characters long and must conform
- # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?.
- #
- # No more than 256 labels can be associated with a given resource.
- #
- # Clients should store labels in a representation such as JSON that does not
- # depend on specific characters being disallowed.
- #
- # Example: <code>"environment" : "dev"</code>
- # Read-write.
- "a_key": "A String",
- },
- "projectNumber": "A String", # The number uniquely identifying the project.
- #
- # Example: <code>415104041262</code>
- # Read-only.
- "lifecycleState": "A String", # The Project lifecycle state.
- #
- # Read-only.
- "createTime": "A String", # Creation time.
- #
- # Read-only.
- }</pre>
+ }</pre>
</div>
</body></html>
\ No newline at end of file