docs: update docs (#916)
* fix: re-run script
* test: fix noxfile
diff --git a/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html b/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html
index 3698a10..e90a30c 100644
--- a/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html
+++ b/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html
@@ -84,7 +84,7 @@
<code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>
<p class="firstline">Get an Access Level by resource</p>
<p class="toc_element">
- <code><a href="#list">list(parent, pageToken=None, pageSize=None, accessLevelFormat=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
<p class="firstline">List all Access Levels for an access</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -146,15 +146,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
},
"title": "A String", # Human readable title. Must be unique within the Policy.
@@ -163,28 +163,12 @@
# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
# // of the `short_name` component is 50 characters.
"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an
# AND over its fields. So a Condition is true if: 1) the request IP is from one
# of the listed subnetworks AND 2) the originating device complies with the
# listed device policy AND 3) all listed access levels are granted AND 4) the
# request was sent at a time allowed by the DateTimeRestriction.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
# Condition to be true. If not specified, all devices are allowed.
# given access level. A `DevicePolicy` specifies requirements for requests from
@@ -195,29 +179,29 @@
# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
# true for requests originating from encrypted Linux desktops and encrypted
# Windows desktops.
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
- "A String",
- ],
"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
# levels.
"A String",
],
"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
{ # A restriction on the OS type and version of devices making requests.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
# Verifications includes requirements that the device is enterprise-managed,
# conformant to domain policies, and the caller has permission to call
# the API targeted by the request.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "osType": "A String", # Required. The allowed OS type.
},
],
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
},
"members": [ # The request must be made by one of the provided user or service
# accounts. Groups are not supported.
@@ -240,8 +224,24 @@
"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
# its non-empty fields, each field must be false for the Condition overall to
# be satisfied. Defaults to false.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
+ "A String",
+ ],
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
},
],
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
},
"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
}
@@ -256,16 +256,6 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
@@ -296,6 +286,16 @@
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
}</pre>
</div>
@@ -321,16 +321,6 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
@@ -361,6 +351,16 @@
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
}</pre>
</div>
@@ -426,15 +426,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
},
"title": "A String", # Human readable title. Must be unique within the Policy.
@@ -443,28 +443,12 @@
# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
# // of the `short_name` component is 50 characters.
"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an
# AND over its fields. So a Condition is true if: 1) the request IP is from one
# of the listed subnetworks AND 2) the originating device complies with the
# listed device policy AND 3) all listed access levels are granted AND 4) the
# request was sent at a time allowed by the DateTimeRestriction.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
# Condition to be true. If not specified, all devices are allowed.
# given access level. A `DevicePolicy` specifies requirements for requests from
@@ -475,29 +459,29 @@
# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
# true for requests originating from encrypted Linux desktops and encrypted
# Windows desktops.
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
- "A String",
- ],
"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
# levels.
"A String",
],
"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
{ # A restriction on the OS type and version of devices making requests.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
# Verifications includes requirements that the device is enterprise-managed,
# conformant to domain policies, and the caller has permission to call
# the API targeted by the request.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "osType": "A String", # Required. The allowed OS type.
},
],
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
},
"members": [ # The request must be made by one of the provided user or service
# accounts. Groups are not supported.
@@ -520,15 +504,31 @@
"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
# its non-empty fields, each field must be false for the Condition overall to
# be satisfied. Defaults to false.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
+ "A String",
+ ],
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
},
],
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
},
"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
}</pre>
</div>
<div class="method">
- <code class="details" id="list">list(parent, pageToken=None, pageSize=None, accessLevelFormat=None, x__xgafv=None)</code>
+ <code class="details" id="list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
<pre>List all Access Levels for an access
policy.
@@ -537,13 +537,13 @@
Format:
`accessPolicies/{policy_id}` (required)
+ accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as
+`CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+`AccessLevels` in the format they were defined.
pageToken: string, Next page token for the next batch of Access Level instances.
Defaults to the first page of results.
pageSize: integer, Number of Access Levels to include in
the list. Default 100.
- accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as
-`CustomLevels`, rather than as `BasicLevels`. Defaults to returning
-`AccessLevels` in the format they were defined.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -593,15 +593,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
},
"title": "A String", # Human readable title. Must be unique within the Policy.
@@ -610,28 +610,12 @@
# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
# // of the `short_name` component is 50 characters.
"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an
# AND over its fields. So a Condition is true if: 1) the request IP is from one
# of the listed subnetworks AND 2) the originating device complies with the
# listed device policy AND 3) all listed access levels are granted AND 4) the
# request was sent at a time allowed by the DateTimeRestriction.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
# Condition to be true. If not specified, all devices are allowed.
# given access level. A `DevicePolicy` specifies requirements for requests from
@@ -642,29 +626,29 @@
# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
# true for requests originating from encrypted Linux desktops and encrypted
# Windows desktops.
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
- "A String",
- ],
"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
# levels.
"A String",
],
"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
{ # A restriction on the OS type and version of devices making requests.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
# Verifications includes requirements that the device is enterprise-managed,
# conformant to domain policies, and the caller has permission to call
# the API targeted by the request.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "osType": "A String", # Required. The allowed OS type.
},
],
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
},
"members": [ # The request must be made by one of the provided user or service
# accounts. Groups are not supported.
@@ -687,8 +671,24 @@
"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
# its non-empty fields, each field must be false for the Condition overall to
# be satisfied. Defaults to false.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
+ "A String",
+ ],
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
},
],
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
},
"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
},
@@ -763,15 +763,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
},
"title": "A String", # Human readable title. Must be unique within the Policy.
@@ -780,28 +780,12 @@
# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
# // of the `short_name` component is 50 characters.
"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an
# AND over its fields. So a Condition is true if: 1) the request IP is from one
# of the listed subnetworks AND 2) the originating device complies with the
# listed device policy AND 3) all listed access levels are granted AND 4) the
# request was sent at a time allowed by the DateTimeRestriction.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
# Condition to be true. If not specified, all devices are allowed.
# given access level. A `DevicePolicy` specifies requirements for requests from
@@ -812,29 +796,29 @@
# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
# true for requests originating from encrypted Linux desktops and encrypted
# Windows desktops.
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
- "A String",
- ],
"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
# levels.
"A String",
],
"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
{ # A restriction on the OS type and version of devices making requests.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
# Verifications includes requirements that the device is enterprise-managed,
# conformant to domain policies, and the caller has permission to call
# the API targeted by the request.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "osType": "A String", # Required. The allowed OS type.
},
],
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
},
"members": [ # The request must be made by one of the provided user or service
# accounts. Groups are not supported.
@@ -857,8 +841,24 @@
"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
# its non-empty fields, each field must be false for the Condition overall to
# be satisfied. Defaults to false.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
+ "A String",
+ ],
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
},
],
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
},
"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
}
@@ -874,16 +874,6 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
@@ -914,6 +904,16 @@
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
}</pre>
</div>