docs: update docs (#916)
* fix: re-run script
* test: fix noxfile
diff --git a/docs/dyn/accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html b/docs/dyn/accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html
index 29ad9d8..f13fee0 100644
--- a/docs/dyn/accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html
+++ b/docs/dyn/accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html
@@ -110,69 +110,69 @@
The object takes the form of:
{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
- # import and export data amongst themselves, but not export outside of the
- # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
- # has a target outside of the `ServicePerimeter`, the request will be blocked.
- # Otherwise the request is allowed. There are two types of Service Perimeter -
- # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
- # Google Cloud project can only belong to a single regular Service Perimeter.
- # Service Perimeter Bridges can contain only Google Cloud projects as members,
- # a single Google Cloud project may belong to multiple Service Perimeter
- # Bridges.
- "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
- # component must begin with a letter and only include alphanumeric and '_'.
- # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
- "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
- # behavior.
- "perimeterType": "A String", # Perimeter type indicator. A single project is
- # allowed to be a member of single regular perimeter, but multiple service
- # perimeter bridges. A project cannot be a included in a perimeter bridge
- # without being included in regular perimeter. For perimeter bridges,
- # restricted/unrestricted service lists as well as access lists must be
- # empty.
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
- # restricted/unrestricted services and access levels that determine perimeter
- # content and boundaries.
- # describe specific Service Perimeter configuration.
- "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
- # Currently only projects are allowed. Format: `projects/{project_number}`
- "A String",
- ],
- "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
- # restrictions. Deprecated. Must be set to a single wildcard "*".
- #
- # The wildcard means that unless explicitly specified by
- # "restricted_services" list, any service is treated as unrestricted.
- "A String",
- ],
- "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
- # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
- # must be in the same policy as this `ServicePerimeter`. Referencing a
- # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
- # listed, resources within the perimeter can only be accessed via Google
- # Cloud calls with request origins within the perimeter. Example:
- # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
- # For Service Perimeter Bridge, must be empty.
- "A String",
- ],
- "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
- # restrictions. Must contain a list of services. For example, if
- # `storage.googleapis.com` is specified, access to the storage buckets
- # inside the perimeter must meet the perimeter's access restrictions.
- "A String",
- ],
- "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
- # Perimeter.
- "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
- # unless 'enable_restriction' is True.
+ # import and export data amongst themselves, but not export outside of the
+ # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+ # Google Cloud project can only belong to a single regular Service Perimeter.
+ # Service Perimeter Bridges can contain only Google Cloud projects as members,
+ # a single Google Cloud project may belong to multiple Service Perimeter
+ # Bridges.
+ "perimeterType": "A String", # Perimeter type indicator. A single project is
+ # allowed to be a member of single regular perimeter, but multiple service
+ # perimeter bridges. A project cannot be a included in a perimeter bridge
+ # without being included in regular perimeter. For perimeter bridges,
+ # restricted/unrestricted service lists as well as access lists must be
+ # empty.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+ # restricted/unrestricted services and access levels that determine perimeter
+ # content and boundaries.
+ # describe specific Service Perimeter configuration.
+ "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+ # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+ # must be in the same policy as this `ServicePerimeter`. Referencing a
+ # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+ # listed, resources within the perimeter can only be accessed via Google
+ # Cloud calls with request origins within the perimeter. Example:
+ # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+ # For Service Perimeter Bridge, must be empty.
"A String",
],
- "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
- # APIs specified in 'allowed_services'.
+ "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+ # restrictions. Must contain a list of services. For example, if
+ # `storage.googleapis.com` is specified, access to the storage buckets
+ # inside the perimeter must meet the perimeter's access restrictions.
+ "A String",
+ ],
+ "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
+ # Perimeter.
+ "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+ # APIs specified in 'allowed_services'.
+ "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+ # unless 'enable_restriction' is True.
+ "A String",
+ ],
+ },
+ "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+ # Currently only projects are allowed. Format: `projects/{project_number}`
+ "A String",
+ ],
+ "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
+ # restrictions. Deprecated. Must be set to a single wildcard "*".
+ #
+ # The wildcard means that unless explicitly specified by
+ # "restricted_services" list, any service is treated as unrestricted.
+ "A String",
+ ],
},
- },
-}
+ "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
+ # component must begin with a letter and only include alphanumeric and '_'.
+ # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+ "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+ # behavior.
+ }
x__xgafv: string, V1 error format.
Allowed values
@@ -184,16 +184,6 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
@@ -224,6 +214,16 @@
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
}</pre>
</div>
@@ -249,16 +249,6 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
@@ -289,6 +279,16 @@
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
}</pre>
</div>
@@ -311,69 +311,69 @@
An object of the form:
{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
- # import and export data amongst themselves, but not export outside of the
- # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
- # has a target outside of the `ServicePerimeter`, the request will be blocked.
- # Otherwise the request is allowed. There are two types of Service Perimeter -
- # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
- # Google Cloud project can only belong to a single regular Service Perimeter.
- # Service Perimeter Bridges can contain only Google Cloud projects as members,
- # a single Google Cloud project may belong to multiple Service Perimeter
- # Bridges.
- "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
- # component must begin with a letter and only include alphanumeric and '_'.
- # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
- "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
- # behavior.
- "perimeterType": "A String", # Perimeter type indicator. A single project is
- # allowed to be a member of single regular perimeter, but multiple service
- # perimeter bridges. A project cannot be a included in a perimeter bridge
- # without being included in regular perimeter. For perimeter bridges,
- # restricted/unrestricted service lists as well as access lists must be
- # empty.
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
- # restricted/unrestricted services and access levels that determine perimeter
- # content and boundaries.
- # describe specific Service Perimeter configuration.
- "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
- # Currently only projects are allowed. Format: `projects/{project_number}`
- "A String",
- ],
- "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
- # restrictions. Deprecated. Must be set to a single wildcard "*".
- #
- # The wildcard means that unless explicitly specified by
- # "restricted_services" list, any service is treated as unrestricted.
- "A String",
- ],
- "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
- # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
- # must be in the same policy as this `ServicePerimeter`. Referencing a
- # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
- # listed, resources within the perimeter can only be accessed via Google
- # Cloud calls with request origins within the perimeter. Example:
- # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
- # For Service Perimeter Bridge, must be empty.
- "A String",
- ],
- "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
- # restrictions. Must contain a list of services. For example, if
- # `storage.googleapis.com` is specified, access to the storage buckets
- # inside the perimeter must meet the perimeter's access restrictions.
- "A String",
- ],
- "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
- # Perimeter.
- "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
- # unless 'enable_restriction' is True.
+ # import and export data amongst themselves, but not export outside of the
+ # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+ # Google Cloud project can only belong to a single regular Service Perimeter.
+ # Service Perimeter Bridges can contain only Google Cloud projects as members,
+ # a single Google Cloud project may belong to multiple Service Perimeter
+ # Bridges.
+ "perimeterType": "A String", # Perimeter type indicator. A single project is
+ # allowed to be a member of single regular perimeter, but multiple service
+ # perimeter bridges. A project cannot be a included in a perimeter bridge
+ # without being included in regular perimeter. For perimeter bridges,
+ # restricted/unrestricted service lists as well as access lists must be
+ # empty.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+ # restricted/unrestricted services and access levels that determine perimeter
+ # content and boundaries.
+ # describe specific Service Perimeter configuration.
+ "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+ # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+ # must be in the same policy as this `ServicePerimeter`. Referencing a
+ # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+ # listed, resources within the perimeter can only be accessed via Google
+ # Cloud calls with request origins within the perimeter. Example:
+ # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+ # For Service Perimeter Bridge, must be empty.
"A String",
],
- "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
- # APIs specified in 'allowed_services'.
+ "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+ # restrictions. Must contain a list of services. For example, if
+ # `storage.googleapis.com` is specified, access to the storage buckets
+ # inside the perimeter must meet the perimeter's access restrictions.
+ "A String",
+ ],
+ "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
+ # Perimeter.
+ "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+ # APIs specified in 'allowed_services'.
+ "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+ # unless 'enable_restriction' is True.
+ "A String",
+ ],
+ },
+ "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+ # Currently only projects are allowed. Format: `projects/{project_number}`
+ "A String",
+ ],
+ "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
+ # restrictions. Deprecated. Must be set to a single wildcard "*".
+ #
+ # The wildcard means that unless explicitly specified by
+ # "restricted_services" list, any service is treated as unrestricted.
+ "A String",
+ ],
},
- },
- }</pre>
+ "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
+ # component must begin with a letter and only include alphanumeric and '_'.
+ # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+ "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+ # behavior.
+ }</pre>
</div>
<div class="method">
@@ -401,69 +401,69 @@
{ # A response to `ListServicePerimetersRequest`.
"servicePerimeters": [ # List of the Service Perimeter instances.
{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
- # import and export data amongst themselves, but not export outside of the
- # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
- # has a target outside of the `ServicePerimeter`, the request will be blocked.
- # Otherwise the request is allowed. There are two types of Service Perimeter -
- # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
- # Google Cloud project can only belong to a single regular Service Perimeter.
- # Service Perimeter Bridges can contain only Google Cloud projects as members,
- # a single Google Cloud project may belong to multiple Service Perimeter
- # Bridges.
- "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
- # component must begin with a letter and only include alphanumeric and '_'.
- # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
- "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
- # behavior.
- "perimeterType": "A String", # Perimeter type indicator. A single project is
- # allowed to be a member of single regular perimeter, but multiple service
- # perimeter bridges. A project cannot be a included in a perimeter bridge
- # without being included in regular perimeter. For perimeter bridges,
- # restricted/unrestricted service lists as well as access lists must be
- # empty.
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
- # restricted/unrestricted services and access levels that determine perimeter
- # content and boundaries.
- # describe specific Service Perimeter configuration.
- "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
- # Currently only projects are allowed. Format: `projects/{project_number}`
- "A String",
- ],
- "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
- # restrictions. Deprecated. Must be set to a single wildcard "*".
- #
- # The wildcard means that unless explicitly specified by
- # "restricted_services" list, any service is treated as unrestricted.
- "A String",
- ],
- "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
- # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
- # must be in the same policy as this `ServicePerimeter`. Referencing a
- # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
- # listed, resources within the perimeter can only be accessed via Google
- # Cloud calls with request origins within the perimeter. Example:
- # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
- # For Service Perimeter Bridge, must be empty.
- "A String",
- ],
- "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
- # restrictions. Must contain a list of services. For example, if
- # `storage.googleapis.com` is specified, access to the storage buckets
- # inside the perimeter must meet the perimeter's access restrictions.
- "A String",
- ],
- "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
- # Perimeter.
- "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
- # unless 'enable_restriction' is True.
+ # import and export data amongst themselves, but not export outside of the
+ # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+ # Google Cloud project can only belong to a single regular Service Perimeter.
+ # Service Perimeter Bridges can contain only Google Cloud projects as members,
+ # a single Google Cloud project may belong to multiple Service Perimeter
+ # Bridges.
+ "perimeterType": "A String", # Perimeter type indicator. A single project is
+ # allowed to be a member of single regular perimeter, but multiple service
+ # perimeter bridges. A project cannot be a included in a perimeter bridge
+ # without being included in regular perimeter. For perimeter bridges,
+ # restricted/unrestricted service lists as well as access lists must be
+ # empty.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+ # restricted/unrestricted services and access levels that determine perimeter
+ # content and boundaries.
+ # describe specific Service Perimeter configuration.
+ "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+ # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+ # must be in the same policy as this `ServicePerimeter`. Referencing a
+ # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+ # listed, resources within the perimeter can only be accessed via Google
+ # Cloud calls with request origins within the perimeter. Example:
+ # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+ # For Service Perimeter Bridge, must be empty.
"A String",
],
- "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
- # APIs specified in 'allowed_services'.
+ "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+ # restrictions. Must contain a list of services. For example, if
+ # `storage.googleapis.com` is specified, access to the storage buckets
+ # inside the perimeter must meet the perimeter's access restrictions.
+ "A String",
+ ],
+ "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
+ # Perimeter.
+ "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+ # APIs specified in 'allowed_services'.
+ "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+ # unless 'enable_restriction' is True.
+ "A String",
+ ],
+ },
+ "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+ # Currently only projects are allowed. Format: `projects/{project_number}`
+ "A String",
+ ],
+ "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
+ # restrictions. Deprecated. Must be set to a single wildcard "*".
+ #
+ # The wildcard means that unless explicitly specified by
+ # "restricted_services" list, any service is treated as unrestricted.
+ "A String",
+ ],
},
+ "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
+ # component must begin with a letter and only include alphanumeric and '_'.
+ # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+ "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+ # behavior.
},
- },
],
"nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is
# empty, no further results remain.
@@ -500,69 +500,69 @@
The object takes the form of:
{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
- # import and export data amongst themselves, but not export outside of the
- # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
- # has a target outside of the `ServicePerimeter`, the request will be blocked.
- # Otherwise the request is allowed. There are two types of Service Perimeter -
- # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
- # Google Cloud project can only belong to a single regular Service Perimeter.
- # Service Perimeter Bridges can contain only Google Cloud projects as members,
- # a single Google Cloud project may belong to multiple Service Perimeter
- # Bridges.
- "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
- # component must begin with a letter and only include alphanumeric and '_'.
- # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
- "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
- # behavior.
- "perimeterType": "A String", # Perimeter type indicator. A single project is
- # allowed to be a member of single regular perimeter, but multiple service
- # perimeter bridges. A project cannot be a included in a perimeter bridge
- # without being included in regular perimeter. For perimeter bridges,
- # restricted/unrestricted service lists as well as access lists must be
- # empty.
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
- # restricted/unrestricted services and access levels that determine perimeter
- # content and boundaries.
- # describe specific Service Perimeter configuration.
- "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
- # Currently only projects are allowed. Format: `projects/{project_number}`
- "A String",
- ],
- "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
- # restrictions. Deprecated. Must be set to a single wildcard "*".
- #
- # The wildcard means that unless explicitly specified by
- # "restricted_services" list, any service is treated as unrestricted.
- "A String",
- ],
- "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
- # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
- # must be in the same policy as this `ServicePerimeter`. Referencing a
- # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
- # listed, resources within the perimeter can only be accessed via Google
- # Cloud calls with request origins within the perimeter. Example:
- # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
- # For Service Perimeter Bridge, must be empty.
- "A String",
- ],
- "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
- # restrictions. Must contain a list of services. For example, if
- # `storage.googleapis.com` is specified, access to the storage buckets
- # inside the perimeter must meet the perimeter's access restrictions.
- "A String",
- ],
- "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
- # Perimeter.
- "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
- # unless 'enable_restriction' is True.
+ # import and export data amongst themselves, but not export outside of the
+ # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+ # Google Cloud project can only belong to a single regular Service Perimeter.
+ # Service Perimeter Bridges can contain only Google Cloud projects as members,
+ # a single Google Cloud project may belong to multiple Service Perimeter
+ # Bridges.
+ "perimeterType": "A String", # Perimeter type indicator. A single project is
+ # allowed to be a member of single regular perimeter, but multiple service
+ # perimeter bridges. A project cannot be a included in a perimeter bridge
+ # without being included in regular perimeter. For perimeter bridges,
+ # restricted/unrestricted service lists as well as access lists must be
+ # empty.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+ # restricted/unrestricted services and access levels that determine perimeter
+ # content and boundaries.
+ # describe specific Service Perimeter configuration.
+ "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+ # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+ # must be in the same policy as this `ServicePerimeter`. Referencing a
+ # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+ # listed, resources within the perimeter can only be accessed via Google
+ # Cloud calls with request origins within the perimeter. Example:
+ # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+ # For Service Perimeter Bridge, must be empty.
"A String",
],
- "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
- # APIs specified in 'allowed_services'.
+ "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+ # restrictions. Must contain a list of services. For example, if
+ # `storage.googleapis.com` is specified, access to the storage buckets
+ # inside the perimeter must meet the perimeter's access restrictions.
+ "A String",
+ ],
+ "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
+ # Perimeter.
+ "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+ # APIs specified in 'allowed_services'.
+ "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+ # unless 'enable_restriction' is True.
+ "A String",
+ ],
+ },
+ "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+ # Currently only projects are allowed. Format: `projects/{project_number}`
+ "A String",
+ ],
+ "unrestrictedServices": [ # Google Cloud services that are not subject to the Service Perimeter
+ # restrictions. Deprecated. Must be set to a single wildcard "*".
+ #
+ # The wildcard means that unless explicitly specified by
+ # "restricted_services" list, any service is treated as unrestricted.
+ "A String",
+ ],
},
- },
-}
+ "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name`
+ # component must begin with a letter and only include alphanumeric and '_'.
+ # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+ "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+ # behavior.
+ }
updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
x__xgafv: string, V1 error format.
@@ -575,16 +575,6 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"name": "A String", # The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/{unique_id}`.
@@ -615,6 +605,16 @@
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
}</pre>
</div>