chore: update docs/dyn , add static discovery files to discovery_cache/documents (#1111)
This PR was generated using Autosynth. :rainbow:
Synth log will be available here:
https://source.cloud.google.com/results/invocations/78f53313-0c78-4a29-8841-f031665a4c6a/targets
- [ ] To automatically regenerate this PR, check this box.
Source-Link: https://github.com/googleapis/synthtool/commit/c2de32114ec484aa708d32012d1fa8d75232daf5
diff --git a/docs/dyn/cloudiot_v1.projects.locations.registries.html b/docs/dyn/cloudiot_v1.projects.locations.registries.html
index 1098b46..7d2eda9 100644
--- a/docs/dyn/cloudiot_v1.projects.locations.registries.html
+++ b/docs/dyn/cloudiot_v1.projects.locations.registries.html
@@ -163,39 +163,39 @@
{ # A container for a group of devices.
"id": "A String", # The identifier of this device registry. For example, `myRegistry`.
- "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
+ "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
+ "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
+ },
"httpConfig": { # The configuration of the HTTP bridge for a device registry. # The DeviceService (HTTP) configuration for this device registry.
"httpEnabledState": "A String", # If enabled, allows devices to use DeviceService via the HTTP protocol. Otherwise, any requests to DeviceService will fail for this registry.
},
+ "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
+ },
"credentials": [ # The credentials used to verify the device credentials. No more than 10 credentials can be bound to a single registry at a time. The verification process occurs at the time of device creation or update. If this field is empty, no verification is performed. Otherwise, the credentials of a newly created device or added credentials of an updated device should be signed with one of these registry credentials. Note, however, that existing devices will never be affected by modifications to this list of credentials: after a device has been successfully created in a registry, it should be able to connect even if its registry credentials are revoked, deleted, or modified.
{ # A server-stored registry credential used to validate device credentials.
"publicKeyCertificate": { # A public key certificate format and data. # A public key certificate used to verify the device credentials.
+ "format": "A String", # The certificate format.
"x509Details": { # Details of an X.509 certificate. For informational purposes only. # [Output only] The certificate details. Used only for X.509 certificates.
- "startTime": "A String", # The time the certificate becomes valid.
"publicKeyType": "A String", # The type of public key in the certificate.
"issuer": "A String", # The entity that signed the certificate.
- "expiryTime": "A String", # The time the certificate becomes invalid.
"subject": "A String", # The entity the certificate and public key belong to.
"signatureAlgorithm": "A String", # The algorithm used to sign the certificate.
+ "startTime": "A String", # The time the certificate becomes valid.
+ "expiryTime": "A String", # The time the certificate becomes invalid.
},
"certificate": "A String", # The certificate data.
- "format": "A String", # The certificate format.
},
},
],
- "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
- "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
- },
"eventNotificationConfigs": [ # The configuration for notification of telemetry events received from the device. All telemetry events that were successfully published by the device and acknowledged by Cloud IoT Core are guaranteed to be delivered to Cloud Pub/Sub. If multiple configurations match a message, only the first matching configuration is used. If you try to publish a device telemetry event using MQTT without specifying a Cloud Pub/Sub topic for the device's registry, the connection closes automatically. If you try to do so using an HTTP connection, an error is returned. Up to 10 configurations may be provided.
{ # The configuration for forwarding telemetry events.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
"subfolderMatches": "A String", # If the subfolder name matches this string exactly, this configuration will be used. The string must not include the leading '/' character. If empty, all strings are matched. This field is used only for telemetry events; subfolders are not supported for state changes.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
},
],
- "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
- "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
- },
}
x__xgafv: string, V1 error format.
@@ -208,39 +208,39 @@
{ # A container for a group of devices.
"id": "A String", # The identifier of this device registry. For example, `myRegistry`.
- "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
+ "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
+ "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
+ },
"httpConfig": { # The configuration of the HTTP bridge for a device registry. # The DeviceService (HTTP) configuration for this device registry.
"httpEnabledState": "A String", # If enabled, allows devices to use DeviceService via the HTTP protocol. Otherwise, any requests to DeviceService will fail for this registry.
},
+ "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
+ },
"credentials": [ # The credentials used to verify the device credentials. No more than 10 credentials can be bound to a single registry at a time. The verification process occurs at the time of device creation or update. If this field is empty, no verification is performed. Otherwise, the credentials of a newly created device or added credentials of an updated device should be signed with one of these registry credentials. Note, however, that existing devices will never be affected by modifications to this list of credentials: after a device has been successfully created in a registry, it should be able to connect even if its registry credentials are revoked, deleted, or modified.
{ # A server-stored registry credential used to validate device credentials.
"publicKeyCertificate": { # A public key certificate format and data. # A public key certificate used to verify the device credentials.
+ "format": "A String", # The certificate format.
"x509Details": { # Details of an X.509 certificate. For informational purposes only. # [Output only] The certificate details. Used only for X.509 certificates.
- "startTime": "A String", # The time the certificate becomes valid.
"publicKeyType": "A String", # The type of public key in the certificate.
"issuer": "A String", # The entity that signed the certificate.
- "expiryTime": "A String", # The time the certificate becomes invalid.
"subject": "A String", # The entity the certificate and public key belong to.
"signatureAlgorithm": "A String", # The algorithm used to sign the certificate.
+ "startTime": "A String", # The time the certificate becomes valid.
+ "expiryTime": "A String", # The time the certificate becomes invalid.
},
"certificate": "A String", # The certificate data.
- "format": "A String", # The certificate format.
},
},
],
- "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
- "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
- },
"eventNotificationConfigs": [ # The configuration for notification of telemetry events received from the device. All telemetry events that were successfully published by the device and acknowledged by Cloud IoT Core are guaranteed to be delivered to Cloud Pub/Sub. If multiple configurations match a message, only the first matching configuration is used. If you try to publish a device telemetry event using MQTT without specifying a Cloud Pub/Sub topic for the device's registry, the connection closes automatically. If you try to do so using an HTTP connection, an error is returned. Up to 10 configurations may be provided.
{ # The configuration for forwarding telemetry events.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
"subfolderMatches": "A String", # If the subfolder name matches this string exactly, this configuration will be used. The string must not include the leading '/' character. If empty, all strings are matched. This field is used only for telemetry events; subfolders are not supported for state changes.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
},
],
- "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
- "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
- },
}</pre>
</div>
@@ -278,39 +278,39 @@
{ # A container for a group of devices.
"id": "A String", # The identifier of this device registry. For example, `myRegistry`.
- "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
+ "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
+ "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
+ },
"httpConfig": { # The configuration of the HTTP bridge for a device registry. # The DeviceService (HTTP) configuration for this device registry.
"httpEnabledState": "A String", # If enabled, allows devices to use DeviceService via the HTTP protocol. Otherwise, any requests to DeviceService will fail for this registry.
},
+ "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
+ },
"credentials": [ # The credentials used to verify the device credentials. No more than 10 credentials can be bound to a single registry at a time. The verification process occurs at the time of device creation or update. If this field is empty, no verification is performed. Otherwise, the credentials of a newly created device or added credentials of an updated device should be signed with one of these registry credentials. Note, however, that existing devices will never be affected by modifications to this list of credentials: after a device has been successfully created in a registry, it should be able to connect even if its registry credentials are revoked, deleted, or modified.
{ # A server-stored registry credential used to validate device credentials.
"publicKeyCertificate": { # A public key certificate format and data. # A public key certificate used to verify the device credentials.
+ "format": "A String", # The certificate format.
"x509Details": { # Details of an X.509 certificate. For informational purposes only. # [Output only] The certificate details. Used only for X.509 certificates.
- "startTime": "A String", # The time the certificate becomes valid.
"publicKeyType": "A String", # The type of public key in the certificate.
"issuer": "A String", # The entity that signed the certificate.
- "expiryTime": "A String", # The time the certificate becomes invalid.
"subject": "A String", # The entity the certificate and public key belong to.
"signatureAlgorithm": "A String", # The algorithm used to sign the certificate.
+ "startTime": "A String", # The time the certificate becomes valid.
+ "expiryTime": "A String", # The time the certificate becomes invalid.
},
"certificate": "A String", # The certificate data.
- "format": "A String", # The certificate format.
},
},
],
- "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
- "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
- },
"eventNotificationConfigs": [ # The configuration for notification of telemetry events received from the device. All telemetry events that were successfully published by the device and acknowledged by Cloud IoT Core are guaranteed to be delivered to Cloud Pub/Sub. If multiple configurations match a message, only the first matching configuration is used. If you try to publish a device telemetry event using MQTT without specifying a Cloud Pub/Sub topic for the device's registry, the connection closes automatically. If you try to do so using an HTTP connection, an error is returned. Up to 10 configurations may be provided.
{ # The configuration for forwarding telemetry events.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
"subfolderMatches": "A String", # If the subfolder name matches this string exactly, this configuration will be used. The string must not include the leading '/' character. If empty, all strings are matched. This field is used only for telemetry events; subfolders are not supported for state changes.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
},
],
- "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
- "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
- },
}</pre>
</div>
@@ -338,22 +338,22 @@
An object of the form:
{ # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
- "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
- "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- },
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ },
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>
@@ -374,45 +374,45 @@
An object of the form:
{ # Response for `ListDeviceRegistries`.
+ "nextPageToken": "A String", # If not empty, indicates that there may be more registries that match the request; this value should be passed in a new `ListDeviceRegistriesRequest`.
"deviceRegistries": [ # The registries that matched the query.
{ # A container for a group of devices.
"id": "A String", # The identifier of this device registry. For example, `myRegistry`.
- "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
+ "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
+ "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
+ },
"httpConfig": { # The configuration of the HTTP bridge for a device registry. # The DeviceService (HTTP) configuration for this device registry.
"httpEnabledState": "A String", # If enabled, allows devices to use DeviceService via the HTTP protocol. Otherwise, any requests to DeviceService will fail for this registry.
},
+ "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
+ },
"credentials": [ # The credentials used to verify the device credentials. No more than 10 credentials can be bound to a single registry at a time. The verification process occurs at the time of device creation or update. If this field is empty, no verification is performed. Otherwise, the credentials of a newly created device or added credentials of an updated device should be signed with one of these registry credentials. Note, however, that existing devices will never be affected by modifications to this list of credentials: after a device has been successfully created in a registry, it should be able to connect even if its registry credentials are revoked, deleted, or modified.
{ # A server-stored registry credential used to validate device credentials.
"publicKeyCertificate": { # A public key certificate format and data. # A public key certificate used to verify the device credentials.
+ "format": "A String", # The certificate format.
"x509Details": { # Details of an X.509 certificate. For informational purposes only. # [Output only] The certificate details. Used only for X.509 certificates.
- "startTime": "A String", # The time the certificate becomes valid.
"publicKeyType": "A String", # The type of public key in the certificate.
"issuer": "A String", # The entity that signed the certificate.
- "expiryTime": "A String", # The time the certificate becomes invalid.
"subject": "A String", # The entity the certificate and public key belong to.
"signatureAlgorithm": "A String", # The algorithm used to sign the certificate.
+ "startTime": "A String", # The time the certificate becomes valid.
+ "expiryTime": "A String", # The time the certificate becomes invalid.
},
"certificate": "A String", # The certificate data.
- "format": "A String", # The certificate format.
},
},
],
- "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
- "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
- },
"eventNotificationConfigs": [ # The configuration for notification of telemetry events received from the device. All telemetry events that were successfully published by the device and acknowledged by Cloud IoT Core are guaranteed to be delivered to Cloud Pub/Sub. If multiple configurations match a message, only the first matching configuration is used. If you try to publish a device telemetry event using MQTT without specifying a Cloud Pub/Sub topic for the device's registry, the connection closes automatically. If you try to do so using an HTTP connection, an error is returned. Up to 10 configurations may be provided.
{ # The configuration for forwarding telemetry events.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
"subfolderMatches": "A String", # If the subfolder name matches this string exactly, this configuration will be used. The string must not include the leading '/' character. If empty, all strings are matched. This field is used only for telemetry events; subfolders are not supported for state changes.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
},
],
- "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
- "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
- },
},
],
- "nextPageToken": "A String", # If not empty, indicates that there may be more registries that match the request; this value should be passed in a new `ListDeviceRegistriesRequest`.
}</pre>
</div>
@@ -441,39 +441,39 @@
{ # A container for a group of devices.
"id": "A String", # The identifier of this device registry. For example, `myRegistry`.
- "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
+ "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
+ "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
+ },
"httpConfig": { # The configuration of the HTTP bridge for a device registry. # The DeviceService (HTTP) configuration for this device registry.
"httpEnabledState": "A String", # If enabled, allows devices to use DeviceService via the HTTP protocol. Otherwise, any requests to DeviceService will fail for this registry.
},
+ "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
+ },
"credentials": [ # The credentials used to verify the device credentials. No more than 10 credentials can be bound to a single registry at a time. The verification process occurs at the time of device creation or update. If this field is empty, no verification is performed. Otherwise, the credentials of a newly created device or added credentials of an updated device should be signed with one of these registry credentials. Note, however, that existing devices will never be affected by modifications to this list of credentials: after a device has been successfully created in a registry, it should be able to connect even if its registry credentials are revoked, deleted, or modified.
{ # A server-stored registry credential used to validate device credentials.
"publicKeyCertificate": { # A public key certificate format and data. # A public key certificate used to verify the device credentials.
+ "format": "A String", # The certificate format.
"x509Details": { # Details of an X.509 certificate. For informational purposes only. # [Output only] The certificate details. Used only for X.509 certificates.
- "startTime": "A String", # The time the certificate becomes valid.
"publicKeyType": "A String", # The type of public key in the certificate.
"issuer": "A String", # The entity that signed the certificate.
- "expiryTime": "A String", # The time the certificate becomes invalid.
"subject": "A String", # The entity the certificate and public key belong to.
"signatureAlgorithm": "A String", # The algorithm used to sign the certificate.
+ "startTime": "A String", # The time the certificate becomes valid.
+ "expiryTime": "A String", # The time the certificate becomes invalid.
},
"certificate": "A String", # The certificate data.
- "format": "A String", # The certificate format.
},
},
],
- "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
- "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
- },
"eventNotificationConfigs": [ # The configuration for notification of telemetry events received from the device. All telemetry events that were successfully published by the device and acknowledged by Cloud IoT Core are guaranteed to be delivered to Cloud Pub/Sub. If multiple configurations match a message, only the first matching configuration is used. If you try to publish a device telemetry event using MQTT without specifying a Cloud Pub/Sub topic for the device's registry, the connection closes automatically. If you try to do so using an HTTP connection, an error is returned. Up to 10 configurations may be provided.
{ # The configuration for forwarding telemetry events.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
"subfolderMatches": "A String", # If the subfolder name matches this string exactly, this configuration will be used. The string must not include the leading '/' character. If empty, all strings are matched. This field is used only for telemetry events; subfolders are not supported for state changes.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
},
],
- "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
- "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
- },
}
updateMask: string, Required. Only updates the `device_registry` fields indicated by this mask. The field mask must not be empty, and it must not contain fields that are immutable or only set by the server. Mutable top-level fields: `event_notification_config`, `http_config`, `mqtt_config`, and `state_notification_config`.
@@ -487,39 +487,39 @@
{ # A container for a group of devices.
"id": "A String", # The identifier of this device registry. For example, `myRegistry`.
- "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
+ "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
+ "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
+ },
"httpConfig": { # The configuration of the HTTP bridge for a device registry. # The DeviceService (HTTP) configuration for this device registry.
"httpEnabledState": "A String", # If enabled, allows devices to use DeviceService via the HTTP protocol. Otherwise, any requests to DeviceService will fail for this registry.
},
+ "logLevel": "A String", # **Beta Feature** The default logging verbosity for activity from devices in this registry. The verbosity level can be overridden by Device.log_level.
+ "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
+ },
"credentials": [ # The credentials used to verify the device credentials. No more than 10 credentials can be bound to a single registry at a time. The verification process occurs at the time of device creation or update. If this field is empty, no verification is performed. Otherwise, the credentials of a newly created device or added credentials of an updated device should be signed with one of these registry credentials. Note, however, that existing devices will never be affected by modifications to this list of credentials: after a device has been successfully created in a registry, it should be able to connect even if its registry credentials are revoked, deleted, or modified.
{ # A server-stored registry credential used to validate device credentials.
"publicKeyCertificate": { # A public key certificate format and data. # A public key certificate used to verify the device credentials.
+ "format": "A String", # The certificate format.
"x509Details": { # Details of an X.509 certificate. For informational purposes only. # [Output only] The certificate details. Used only for X.509 certificates.
- "startTime": "A String", # The time the certificate becomes valid.
"publicKeyType": "A String", # The type of public key in the certificate.
"issuer": "A String", # The entity that signed the certificate.
- "expiryTime": "A String", # The time the certificate becomes invalid.
"subject": "A String", # The entity the certificate and public key belong to.
"signatureAlgorithm": "A String", # The algorithm used to sign the certificate.
+ "startTime": "A String", # The time the certificate becomes valid.
+ "expiryTime": "A String", # The time the certificate becomes invalid.
},
"certificate": "A String", # The certificate data.
- "format": "A String", # The certificate format.
},
},
],
- "name": "A String", # The resource path name. For example, `projects/example-project/locations/us-central1/registries/my-registry`.
- "stateNotificationConfig": { # The configuration for notification of new states received from the device. # The configuration for notification of new states received from the device. State updates are guaranteed to be stored in the state history, but notifications to Cloud Pub/Sub are not guaranteed. For example, if permissions are misconfigured or the specified topic doesn't exist, no notification will be published but the state will still be stored in Cloud IoT Core.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
- },
"eventNotificationConfigs": [ # The configuration for notification of telemetry events received from the device. All telemetry events that were successfully published by the device and acknowledged by Cloud IoT Core are guaranteed to be delivered to Cloud Pub/Sub. If multiple configurations match a message, only the first matching configuration is used. If you try to publish a device telemetry event using MQTT without specifying a Cloud Pub/Sub topic for the device's registry, the connection closes automatically. If you try to do so using an HTTP connection, an error is returned. Up to 10 configurations may be provided.
{ # The configuration for forwarding telemetry events.
- "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
"subfolderMatches": "A String", # If the subfolder name matches this string exactly, this configuration will be used. The string must not include the leading '/' character. If empty, all strings are matched. This field is used only for telemetry events; subfolders are not supported for state changes.
+ "pubsubTopicName": "A String", # A Cloud Pub/Sub topic name. For example, `projects/myProject/topics/deviceEvents`.
},
],
- "mqttConfig": { # The configuration of MQTT for a device registry. # The MQTT configuration for this device registry.
- "mqttEnabledState": "A String", # If enabled, allows connections using the MQTT protocol. Otherwise, MQTT connections to this registry will fail.
- },
}</pre>
</div>
@@ -534,22 +534,22 @@
{ # Request message for `SetIamPolicy` method.
"policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
- "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
- "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- },
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ },
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
},
}
@@ -562,22 +562,22 @@
An object of the form:
{ # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
- "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
- "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
- "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
- "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
- },
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
"members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ },
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>