docs: update docs (#916)
* fix: re-run script
* test: fix noxfile
diff --git a/docs/dyn/spanner_v1.projects.instances.html b/docs/dyn/spanner_v1.projects.instances.html
index 9556650..519e2bf 100644
--- a/docs/dyn/spanner_v1.projects.instances.html
+++ b/docs/dyn/spanner_v1.projects.instances.html
@@ -112,7 +112,7 @@
<code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for an instance resource. Returns an empty</p>
<p class="toc_element">
- <code><a href="#list">list(parent, filter=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(parent, pageToken=None, filter=None, pageSize=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists all instances in the given project.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -180,18 +180,6 @@
# after the instance is created. Values are of the form
# `projects/<project>/instances/a-z*[a-z0-9]`. The final
# segment of the name must be between 2 and 64 characters in length.
- "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
- # Must be unique per project and between 4 and 30 characters in length.
- "endpointUris": [ # Deprecated. This field is not populated.
- "A String",
- ],
- "nodeCount": 42, # The number of nodes allocated to this instance. This
- # may be zero in API responses for instances that are not yet in state
- # `READY`.
- #
- # See [the
- # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
- # for more information about nodes.
"labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud
# resources into groups that reflect a customer's organizational needs and
# deployment strategies. Cloud Labels can be used to filter collections of
@@ -215,15 +203,27 @@
# allow "_" in a future release.
"a_key": "A String",
},
- "config": "A String", # Required. The name of the instance's configuration. Values are of the form
- # `projects/<project>/instanceConfigs/<configuration>`. See
- # also InstanceConfig and
- # ListInstanceConfigs.
+ "endpointUris": [ # Deprecated. This field is not populated.
+ "A String",
+ ],
+ "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
+ # Must be unique per project and between 4 and 30 characters in length.
+ "nodeCount": 42, # The number of nodes allocated to this instance. This
+ # may be zero in API responses for instances that are not yet in state
+ # `READY`.
+ #
+ # See [the
+ # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
+ # for more information about nodes.
"state": "A String", # Output only. The current instance state. For
# CreateInstance, the state must be
# either omitted or set to `CREATING`. For
# UpdateInstance, the state must be
# either omitted or set to `READY`.
+ "config": "A String", # Required. The name of the instance's configuration. Values are of the form
+ # `projects/<project>/instanceConfigs/<configuration>`. See
+ # also InstanceConfig and
+ # ListInstanceConfigs.
},
}
@@ -237,6 +237,33 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically
+ # contains progress information and common metadata such as create time.
+ # Some services might not provide such metadata. Any method that returns a
+ # long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
@@ -250,33 +277,6 @@
# `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "metadata": { # Service-specific metadata associated with the operation. It typically
- # contains progress information and common metadata such as create time.
- # Some services might not provide such metadata. Any method that returns a
- # long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
}</pre>
</div>
@@ -340,18 +340,6 @@
# after the instance is created. Values are of the form
# `projects/<project>/instances/a-z*[a-z0-9]`. The final
# segment of the name must be between 2 and 64 characters in length.
- "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
- # Must be unique per project and between 4 and 30 characters in length.
- "endpointUris": [ # Deprecated. This field is not populated.
- "A String",
- ],
- "nodeCount": 42, # The number of nodes allocated to this instance. This
- # may be zero in API responses for instances that are not yet in state
- # `READY`.
- #
- # See [the
- # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
- # for more information about nodes.
"labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud
# resources into groups that reflect a customer's organizational needs and
# deployment strategies. Cloud Labels can be used to filter collections of
@@ -375,15 +363,27 @@
# allow "_" in a future release.
"a_key": "A String",
},
- "config": "A String", # Required. The name of the instance's configuration. Values are of the form
- # `projects/<project>/instanceConfigs/<configuration>`. See
- # also InstanceConfig and
- # ListInstanceConfigs.
+ "endpointUris": [ # Deprecated. This field is not populated.
+ "A String",
+ ],
+ "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
+ # Must be unique per project and between 4 and 30 characters in length.
+ "nodeCount": 42, # The number of nodes allocated to this instance. This
+ # may be zero in API responses for instances that are not yet in state
+ # `READY`.
+ #
+ # See [the
+ # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
+ # for more information about nodes.
"state": "A String", # Output only. The current instance state. For
# CreateInstance, the state must be
# either omitted or set to `CREATING`. For
# UpdateInstance, the state must be
# either omitted or set to `READY`.
+ "config": "A String", # Required. The name of the instance's configuration. Values are of the form
+ # `projects/<project>/instanceConfigs/<configuration>`. See
+ # also InstanceConfig and
+ # ListInstanceConfigs.
}</pre>
</div>
@@ -411,6 +411,10 @@
# Requests for policies with any conditional bindings must specify version 3.
# Policies without any conditional bindings may specify any valid value or
# leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
},
}
@@ -432,10 +436,12 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
@@ -452,7 +458,9 @@
# },
# {
# "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
+ # "members": [
+ # "user:eve@example.com"
+ # ],
# "condition": {
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
@@ -485,47 +493,24 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
@@ -558,13 +543,13 @@
# documentation for additional information.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -611,20 +596,57 @@
#
"A String",
],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>
<div class="method">
- <code class="details" id="list">list(parent, filter=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
+ <code class="details" id="list">list(parent, pageToken=None, filter=None, pageSize=None, x__xgafv=None)</code>
<pre>Lists all instances in the given project.
Args:
parent: string, Required. The name of the project for which a list of instances is
requested. Values are of the form `projects/<project>`. (required)
+ pageToken: string, If non-empty, `page_token` should contain a
+next_page_token from a
+previous ListInstancesResponse.
filter: string, An expression for filtering the results of the request. Filter rules are
case insensitive. The fields eligible for filtering are:
@@ -644,9 +666,6 @@
* `name:howl labels.env:dev` --> The instance's name contains "howl" and
it has the label "env" with its value
containing "dev".
- pageToken: string, If non-empty, `page_token` should contain a
-next_page_token from a
-previous ListInstancesResponse.
pageSize: integer, Number of instances to be returned in the response. If 0 or less, defaults
to the server's maximum allowed page size.
x__xgafv: string, V1 error format.
@@ -664,18 +683,6 @@
# after the instance is created. Values are of the form
# `projects/<project>/instances/a-z*[a-z0-9]`. The final
# segment of the name must be between 2 and 64 characters in length.
- "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
- # Must be unique per project and between 4 and 30 characters in length.
- "endpointUris": [ # Deprecated. This field is not populated.
- "A String",
- ],
- "nodeCount": 42, # The number of nodes allocated to this instance. This
- # may be zero in API responses for instances that are not yet in state
- # `READY`.
- #
- # See [the
- # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
- # for more information about nodes.
"labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud
# resources into groups that reflect a customer's organizational needs and
# deployment strategies. Cloud Labels can be used to filter collections of
@@ -699,15 +706,27 @@
# allow "_" in a future release.
"a_key": "A String",
},
- "config": "A String", # Required. The name of the instance's configuration. Values are of the form
- # `projects/<project>/instanceConfigs/<configuration>`. See
- # also InstanceConfig and
- # ListInstanceConfigs.
+ "endpointUris": [ # Deprecated. This field is not populated.
+ "A String",
+ ],
+ "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
+ # Must be unique per project and between 4 and 30 characters in length.
+ "nodeCount": 42, # The number of nodes allocated to this instance. This
+ # may be zero in API responses for instances that are not yet in state
+ # `READY`.
+ #
+ # See [the
+ # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
+ # for more information about nodes.
"state": "A String", # Output only. The current instance state. For
# CreateInstance, the state must be
# either omitted or set to `CREATING`. For
# UpdateInstance, the state must be
# either omitted or set to `READY`.
+ "config": "A String", # Required. The name of the instance's configuration. Values are of the form
+ # `projects/<project>/instanceConfigs/<configuration>`. See
+ # also InstanceConfig and
+ # ListInstanceConfigs.
},
],
"nextPageToken": "A String", # `next_page_token` can be sent in a subsequent
@@ -782,28 +801,12 @@
The object takes the form of:
{ # The request for UpdateInstance.
- "fieldMask": "A String", # Required. A mask specifying which fields in Instance should be updated.
- # The field mask must always be specified; this prevents any future fields in
- # Instance from being erased accidentally by clients that do not know
- # about them.
"instance": { # An isolated set of Cloud Spanner resources on which databases can be hosted. # Required. The instance to update, which must always include the instance
# name. Otherwise, only fields mentioned in field_mask need be included.
"name": "A String", # Required. A unique identifier for the instance, which cannot be changed
# after the instance is created. Values are of the form
# `projects/<project>/instances/a-z*[a-z0-9]`. The final
# segment of the name must be between 2 and 64 characters in length.
- "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
- # Must be unique per project and between 4 and 30 characters in length.
- "endpointUris": [ # Deprecated. This field is not populated.
- "A String",
- ],
- "nodeCount": 42, # The number of nodes allocated to this instance. This
- # may be zero in API responses for instances that are not yet in state
- # `READY`.
- #
- # See [the
- # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
- # for more information about nodes.
"labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud
# resources into groups that reflect a customer's organizational needs and
# deployment strategies. Cloud Labels can be used to filter collections of
@@ -827,16 +830,32 @@
# allow "_" in a future release.
"a_key": "A String",
},
- "config": "A String", # Required. The name of the instance's configuration. Values are of the form
- # `projects/<project>/instanceConfigs/<configuration>`. See
- # also InstanceConfig and
- # ListInstanceConfigs.
+ "endpointUris": [ # Deprecated. This field is not populated.
+ "A String",
+ ],
+ "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs.
+ # Must be unique per project and between 4 and 30 characters in length.
+ "nodeCount": 42, # The number of nodes allocated to this instance. This
+ # may be zero in API responses for instances that are not yet in state
+ # `READY`.
+ #
+ # See [the
+ # documentation](https://cloud.google.com/spanner/docs/instances#node_count)
+ # for more information about nodes.
"state": "A String", # Output only. The current instance state. For
# CreateInstance, the state must be
# either omitted or set to `CREATING`. For
# UpdateInstance, the state must be
# either omitted or set to `READY`.
+ "config": "A String", # Required. The name of the instance's configuration. Values are of the form
+ # `projects/<project>/instanceConfigs/<configuration>`. See
+ # also InstanceConfig and
+ # ListInstanceConfigs.
},
+ "fieldMask": "A String", # Required. A mask specifying which fields in Instance should be updated.
+ # The field mask must always be specified; this prevents any future fields in
+ # Instance from being erased accidentally by clients that do not know
+ # about them.
}
x__xgafv: string, V1 error format.
@@ -849,6 +868,33 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically
+ # contains progress information and common metadata such as create time.
+ # Some services might not provide such metadata. Any method that returns a
+ # long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
"done": True or False, # If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
@@ -862,33 +908,6 @@
# `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- },
- "metadata": { # Service-specific metadata associated with the operation. It typically
- # contains progress information and common metadata such as create time.
- # Some services might not provide such metadata. Any method that returns a
- # long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
}</pre>
</div>
@@ -919,10 +938,12 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
@@ -939,7 +960,9 @@
# },
# {
# "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
+ # "members": [
+ # "user:eve@example.com"
+ # ],
# "condition": {
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
@@ -972,47 +995,24 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
@@ -1045,13 +1045,13 @@
# documentation for additional information.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -1098,10 +1098,44 @@
#
"A String",
],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
},
}
@@ -1123,10 +1157,12 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
@@ -1143,7 +1179,9 @@
# },
# {
# "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
+ # "members": [
+ # "user:eve@example.com"
+ # ],
# "condition": {
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
@@ -1176,47 +1214,24 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
- # prevent simultaneous updates of a policy from overwriting each other.
- # It is strongly suggested that systems make use of the `etag` in the
- # read-modify-write cycle to perform policy updates in order to avoid race
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
- # systems are expected to put that etag in the request to `setIamPolicy` to
- # ensure that their change will be applied to the same version of the policy.
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
@@ -1249,13 +1264,13 @@
# documentation for additional information.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -1302,10 +1317,44 @@
#
"A String",
],
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+ # prevent simultaneous updates of a policy from overwriting each other.
+ # It is strongly suggested that systems make use of the `etag` in the
+ # read-modify-write cycle to perform policy updates in order to avoid race
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+ # systems are expected to put that etag in the request to `setIamPolicy` to
+ # ensure that their change will be applied to the same version of the policy.
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>