docs: update generated docs (#981)
diff --git a/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html b/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html
index e90a30c..5646ef5 100644
--- a/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html
+++ b/docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html
@@ -84,7 +84,7 @@
<code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>
<p class="firstline">Get an Access Level by resource</p>
<p class="toc_element">
- <code><a href="#list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">List all Access Levels for an access</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -110,288 +110,95 @@
The object takes the form of:
{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
- # services, along with a list of requirements necessary for the label to be
- # applied.
- "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
- # to represent the necessary conditions for the level to apply to a request.
- # See CEL spec at: https://github.com/google/cel-spec
- "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
- # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
- # are documented at https://github.com/google/cel-spec.
- #
- # Example (Comparison):
- #
- # title: "Summary size limit"
- # description: "Determines if a summary is less than 100 chars"
- # expression: "document.summary.size() < 100"
- #
- # Example (Equality):
- #
- # title: "Requestor is owner"
- # description: "Determines if requestor is the document owner"
- # expression: "document.owner == request.auth.claims.email"
- #
- # Example (Logic):
- #
- # title: "Public documents"
- # description: "Determine whether the document should be publicly visible"
- # expression: "document.type != 'private' && document.type != 'internal'"
- #
- # Example (Data Manipulation):
- #
- # title: "Notification string"
- # description: "Create a notification string with a timestamp."
- # expression: "'New message received at ' + string(document.create_time)"
- #
- # The exact variables and functions that may be referenced within an expression
- # are determined by the service that evaluates it. See the service
- # documentation for additional information.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
- },
- },
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
- # must begin with a letter and only include alphanumeric and '_'. Format:
- # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
- # // of the `short_name` component is 50 characters.
- "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
- { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
- # AND over its fields. So a Condition is true if: 1) the request IP is from one
- # of the listed subnetworks AND 2) the originating device complies with the
- # listed device policy AND 3) all listed access levels are granted AND 4) the
- # request was sent at a time allowed by the DateTimeRestriction.
- "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
- # Condition to be true. If not specified, all devices are allowed.
- # given access level. A `DevicePolicy` specifies requirements for requests from
- # devices to be granted access levels, it does not do any enforcement on the
- # device. `DevicePolicy` acts as an AND over all specified fields, and each
- # repeated field is an OR over its elements. Any unset fields are ignored. For
- # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
- # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
- # true for requests originating from encrypted Linux desktops and encrypted
- # Windows desktops.
- "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
- # levels.
- "A String",
- ],
- "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
- { # A restriction on the OS type and version of devices making requests.
- "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
- # Verifications includes requirements that the device is enterprise-managed,
- # conformant to domain policies, and the caller has permission to call
- # the API targeted by the request.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
- },
- ],
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
- "A String",
- ],
- },
- "members": [ # The request must be made by one of the provided user or service
- # accounts. Groups are not supported.
- # Syntax:
- # `user:{emailid}`
- # `serviceAccount:{emailid}`
- # If not specified, a request may come from any user.
- "A String",
- ],
- "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
- # a CIDR IP address block, the specified IP address portion must be properly
- # truncated (i.e. all the host bits must be zero) or the input is considered
- # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
- # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
- # "2001:db8::1/32" is not. The originating IP of a request must be in one of
- # the listed subnets in order for this Condition to be true. If empty, all IP
- # addresses are allowed.
- "A String",
- ],
- "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
- # its non-empty fields, each field must be false for the Condition overall to
- # be satisfied. Defaults to false.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
- },
- ],
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
- },
- "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
-}
-
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # This resource represents a long-running operation that is the result of a
- # network API call.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- },
- "metadata": { # Service-specific metadata associated with the operation. It typically
- # contains progress information and common metadata such as create time.
- # Some services might not provide such metadata. Any method that returns a
- # long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="delete">delete(name, x__xgafv=None)</code>
- <pre>Delete an Access Level by resource
-name. The longrunning operation from this RPC will have a successful status
-once the Access Level has been removed
-from long-lasting storage.
-
-Args:
- name: string, Required. Resource name for the Access Level.
-
-Format:
-`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # This resource represents a long-running operation that is the result of a
- # network API call.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- },
- "metadata": { # Service-specific metadata associated with the operation. It typically
- # contains progress information and common metadata such as create time.
- # Some services might not provide such metadata. Any method that returns a
- # long-running operation should document the metadata type, if any.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- }</pre>
-</div>
-
-<div class="method">
- <code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>
- <pre>Get an Access Level by resource
-name.
-
-Args:
- name: string, Required. Resource name for the Access Level.
-
-Format:
-`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
- accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression
-Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
-Access Levels
-are returned as `BasicLevels` or `CustomLevels` based on how they were
-created. If set to CEL, all Access Levels are returned as
-`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
-`CustomLevels`.
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
# services, along with a list of requirements necessary for the label to be
# applied.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
+ # must begin with a letter and only include alphanumeric and '_'. Format:
+ # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
+ # // of the `short_name` component is 50 characters.
+ "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
+ "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
+ { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
+ # AND over its fields. So a Condition is true if: 1) the request IP is from one
+ # of the listed subnetworks AND 2) the originating device complies with the
+ # listed device policy AND 3) all listed access levels are granted AND 4) the
+ # request was sent at a time allowed by the DateTimeRestriction.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
+ "A String",
+ ],
+ "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
+ # a CIDR IP address block, the specified IP address portion must be properly
+ # truncated (i.e. all the host bits must be zero) or the input is considered
+ # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
+ # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+ # "2001:db8::1/32" is not. The originating IP of a request must be in one of
+ # the listed subnets in order for this Condition to be true. If empty, all IP
+ # addresses are allowed.
+ "A String",
+ ],
+ "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
+ # Condition to be true. If not specified, all devices are allowed.
+ # given access level. A `DevicePolicy` specifies requirements for requests from
+ # devices to be granted access levels, it does not do any enforcement on the
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
+ # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
+ # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
+ # true for requests originating from encrypted Linux desktops and encrypted
+ # Windows desktops.
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
+ "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
+ # levels.
+ "A String",
+ ],
+ "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
+ { # A restriction on the OS type and version of devices making requests.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
+ # Verifications includes requirements that the device is enterprise-managed,
+ # conformant to domain policies, and the caller has permission to call
+ # the API targeted by the request.
+ "osType": "A String", # Required. The allowed OS type.
+ },
+ ],
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ },
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
+ "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
+ # its non-empty fields, each field must be false for the Condition overall to
+ # be satisfied. Defaults to false.
+ "members": [ # The request must be made by one of the provided user or service
+ # accounts. Groups are not supported.
+ # Syntax:
+ # `user:{emailid}`
+ # `serviceAccount:{emailid}`
+ # If not specified, a request may come from any user.
+ "A String",
+ ],
+ },
+ ],
+ },
+ "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
# to represent the necessary conditions for the level to apply to a request.
# See CEL spec at: https://github.com/google/cel-spec
@@ -426,109 +233,302 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language
# syntax.
},
},
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
- # must begin with a letter and only include alphanumeric and '_'. Format:
- # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
- # // of the `short_name` component is 50 characters.
- "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
- { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
- # AND over its fields. So a Condition is true if: 1) the request IP is from one
- # of the listed subnetworks AND 2) the originating device complies with the
- # listed device policy AND 3) all listed access levels are granted AND 4) the
- # request was sent at a time allowed by the DateTimeRestriction.
- "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
- # Condition to be true. If not specified, all devices are allowed.
- # given access level. A `DevicePolicy` specifies requirements for requests from
- # devices to be granted access levels, it does not do any enforcement on the
- # device. `DevicePolicy` acts as an AND over all specified fields, and each
- # repeated field is an OR over its elements. Any unset fields are ignored. For
- # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
- # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
- # true for requests originating from encrypted Linux desktops and encrypted
- # Windows desktops.
- "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
- # levels.
- "A String",
- ],
- "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
- { # A restriction on the OS type and version of devices making requests.
- "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
- # Verifications includes requirements that the device is enterprise-managed,
- # conformant to domain policies, and the caller has permission to call
- # the API targeted by the request.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
- },
- ],
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
- "A String",
- ],
- },
- "members": [ # The request must be made by one of the provided user or service
- # accounts. Groups are not supported.
- # Syntax:
- # `user:{emailid}`
- # `serviceAccount:{emailid}`
- # If not specified, a request may come from any user.
- "A String",
- ],
- "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
- # a CIDR IP address block, the specified IP address portion must be properly
- # truncated (i.e. all the host bits must be zero) or the input is considered
- # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
- # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
- # "2001:db8::1/32" is not. The originating IP of a request must be in one of
- # the listed subnets in order for this Condition to be true. If empty, all IP
- # addresses are allowed.
- "A String",
- ],
- "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
- # its non-empty fields, each field must be false for the Condition overall to
- # be satisfied. Defaults to false.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
+ }
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a
+ # network API call.
+ "metadata": { # Service-specific metadata associated with the operation. It typically
+ # contains progress information and common metadata such as create time.
+ # Some services might not provide such metadata. Any method that returns a
+ # long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
},
- "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
}</pre>
</div>
<div class="method">
- <code class="details" id="list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Delete an Access Level by resource
+name. The longrunning operation from this RPC will have a successful status
+once the Access Level has been removed
+from long-lasting storage.
+
+Args:
+ name: string, Required. Resource name for the Access Level.
+
+Format:
+`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a
+ # network API call.
+ "metadata": { # Service-specific metadata associated with the operation. It typically
+ # contains progress information and common metadata such as create time.
+ # Some services might not provide such metadata. Any method that returns a
+ # long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ },
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>
+ <pre>Get an Access Level by resource
+name.
+
+Args:
+ name: string, Required. Resource name for the Access Level.
+
+Format:
+`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
+ accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression
+Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
+Access Levels
+are returned as `BasicLevels` or `CustomLevels` based on how they were
+created. If set to CEL, all Access Levels are returned as
+`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+`CustomLevels`.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
+ # services, along with a list of requirements necessary for the label to be
+ # applied.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
+ # must begin with a letter and only include alphanumeric and '_'. Format:
+ # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
+ # // of the `short_name` component is 50 characters.
+ "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
+ "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
+ { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
+ # AND over its fields. So a Condition is true if: 1) the request IP is from one
+ # of the listed subnetworks AND 2) the originating device complies with the
+ # listed device policy AND 3) all listed access levels are granted AND 4) the
+ # request was sent at a time allowed by the DateTimeRestriction.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
+ "A String",
+ ],
+ "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
+ # a CIDR IP address block, the specified IP address portion must be properly
+ # truncated (i.e. all the host bits must be zero) or the input is considered
+ # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
+ # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+ # "2001:db8::1/32" is not. The originating IP of a request must be in one of
+ # the listed subnets in order for this Condition to be true. If empty, all IP
+ # addresses are allowed.
+ "A String",
+ ],
+ "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
+ # Condition to be true. If not specified, all devices are allowed.
+ # given access level. A `DevicePolicy` specifies requirements for requests from
+ # devices to be granted access levels, it does not do any enforcement on the
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
+ # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
+ # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
+ # true for requests originating from encrypted Linux desktops and encrypted
+ # Windows desktops.
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
+ "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
+ # levels.
+ "A String",
+ ],
+ "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
+ { # A restriction on the OS type and version of devices making requests.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
+ # Verifications includes requirements that the device is enterprise-managed,
+ # conformant to domain policies, and the caller has permission to call
+ # the API targeted by the request.
+ "osType": "A String", # Required. The allowed OS type.
+ },
+ ],
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ },
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
+ "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
+ # its non-empty fields, each field must be false for the Condition overall to
+ # be satisfied. Defaults to false.
+ "members": [ # The request must be made by one of the provided user or service
+ # accounts. Groups are not supported.
+ # Syntax:
+ # `user:{emailid}`
+ # `serviceAccount:{emailid}`
+ # If not specified, a request may come from any user.
+ "A String",
+ ],
+ },
+ ],
+ },
+ "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
+ "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
+ # to represent the necessary conditions for the level to apply to a request.
+ # See CEL spec at: https://github.com/google/cel-spec
+ "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ },
+ },
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
<pre>List all Access Levels for an access
policy.
@@ -540,10 +540,10 @@
accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as
`CustomLevels`, rather than as `BasicLevels`. Defaults to returning
`AccessLevels` in the format they were defined.
- pageToken: string, Next page token for the next batch of Access Level instances.
-Defaults to the first page of results.
pageSize: integer, Number of Access Levels to include in
the list. Default 100.
+ pageToken: string, Next page token for the next batch of Access Level instances.
+Defaults to the first page of results.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -553,146 +553,146 @@
An object of the form:
{ # A response to `ListAccessLevelsRequest`.
- "nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is
- # empty, no further results remain.
"accessLevels": [ # List of the Access Level instances.
{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
- # services, along with a list of requirements necessary for the label to be
- # applied.
- "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
- # to represent the necessary conditions for the level to apply to a request.
- # See CEL spec at: https://github.com/google/cel-spec
- "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
- # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
- # are documented at https://github.com/google/cel-spec.
- #
- # Example (Comparison):
- #
- # title: "Summary size limit"
- # description: "Determines if a summary is less than 100 chars"
- # expression: "document.summary.size() < 100"
- #
- # Example (Equality):
- #
- # title: "Requestor is owner"
- # description: "Determines if requestor is the document owner"
- # expression: "document.owner == request.auth.claims.email"
- #
- # Example (Logic):
- #
- # title: "Public documents"
- # description: "Determine whether the document should be publicly visible"
- # expression: "document.type != 'private' && document.type != 'internal'"
- #
- # Example (Data Manipulation):
- #
- # title: "Notification string"
- # description: "Create a notification string with a timestamp."
- # expression: "'New message received at ' + string(document.create_time)"
- #
- # The exact variables and functions that may be referenced within an expression
- # are determined by the service that evaluates it. See the service
- # documentation for additional information.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
- },
- },
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
- # must begin with a letter and only include alphanumeric and '_'. Format:
- # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
- # // of the `short_name` component is 50 characters.
- "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
- { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
- # AND over its fields. So a Condition is true if: 1) the request IP is from one
- # of the listed subnetworks AND 2) the originating device complies with the
- # listed device policy AND 3) all listed access levels are granted AND 4) the
- # request was sent at a time allowed by the DateTimeRestriction.
- "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
- # Condition to be true. If not specified, all devices are allowed.
- # given access level. A `DevicePolicy` specifies requirements for requests from
- # devices to be granted access levels, it does not do any enforcement on the
- # device. `DevicePolicy` acts as an AND over all specified fields, and each
- # repeated field is an OR over its elements. Any unset fields are ignored. For
- # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
- # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
- # true for requests originating from encrypted Linux desktops and encrypted
- # Windows desktops.
- "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
- # levels.
+ # services, along with a list of requirements necessary for the label to be
+ # applied.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
+ # must begin with a letter and only include alphanumeric and '_'. Format:
+ # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
+ # // of the `short_name` component is 50 characters.
+ "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
+ "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
+ { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
+ # AND over its fields. So a Condition is true if: 1) the request IP is from one
+ # of the listed subnetworks AND 2) the originating device complies with the
+ # listed device policy AND 3) all listed access levels are granted AND 4) the
+ # request was sent at a time allowed by the DateTimeRestriction.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
"A String",
],
- "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
- { # A restriction on the OS type and version of devices making requests.
- "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
- # Verifications includes requirements that the device is enterprise-managed,
- # conformant to domain policies, and the caller has permission to call
- # the API targeted by the request.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
- },
+ "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
+ # a CIDR IP address block, the specified IP address portion must be properly
+ # truncated (i.e. all the host bits must be zero) or the input is considered
+ # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
+ # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+ # "2001:db8::1/32" is not. The originating IP of a request must be in one of
+ # the listed subnets in order for this Condition to be true. If empty, all IP
+ # addresses are allowed.
+ "A String",
],
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
+ # Condition to be true. If not specified, all devices are allowed.
+ # given access level. A `DevicePolicy` specifies requirements for requests from
+ # devices to be granted access levels, it does not do any enforcement on the
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
+ # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
+ # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
+ # true for requests originating from encrypted Linux desktops and encrypted
+ # Windows desktops.
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
+ "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
+ # levels.
+ "A String",
+ ],
+ "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
+ { # A restriction on the OS type and version of devices making requests.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
+ # Verifications includes requirements that the device is enterprise-managed,
+ # conformant to domain policies, and the caller has permission to call
+ # the API targeted by the request.
+ "osType": "A String", # Required. The allowed OS type.
+ },
+ ],
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ },
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
+ "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
+ # its non-empty fields, each field must be false for the Condition overall to
+ # be satisfied. Defaults to false.
+ "members": [ # The request must be made by one of the provided user or service
+ # accounts. Groups are not supported.
+ # Syntax:
+ # `user:{emailid}`
+ # `serviceAccount:{emailid}`
+ # If not specified, a request may come from any user.
"A String",
],
},
- "members": [ # The request must be made by one of the provided user or service
- # accounts. Groups are not supported.
- # Syntax:
- # `user:{emailid}`
- # `serviceAccount:{emailid}`
- # If not specified, a request may come from any user.
- "A String",
- ],
- "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
- # a CIDR IP address block, the specified IP address portion must be properly
- # truncated (i.e. all the host bits must be zero) or the input is considered
- # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
- # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
- # "2001:db8::1/32" is not. The originating IP of a request must be in one of
- # the listed subnets in order for this Condition to be true. If empty, all IP
- # addresses are allowed.
- "A String",
- ],
- "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
- # its non-empty fields, each field must be false for the Condition overall to
- # be satisfied. Defaults to false.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
+ ],
+ },
+ "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
+ "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
+ # to represent the necessary conditions for the level to apply to a request.
+ # See CEL spec at: https://github.com/google/cel-spec
+ "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
- ],
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
+ },
},
- "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
- },
],
+ "nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is
+ # empty, no further results remain.
}</pre>
</div>
@@ -727,141 +727,141 @@
The object takes the form of:
{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
- # services, along with a list of requirements necessary for the label to be
- # applied.
- "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
- # to represent the necessary conditions for the level to apply to a request.
- # See CEL spec at: https://github.com/google/cel-spec
- "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
- # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
- # are documented at https://github.com/google/cel-spec.
- #
- # Example (Comparison):
- #
- # title: "Summary size limit"
- # description: "Determines if a summary is less than 100 chars"
- # expression: "document.summary.size() < 100"
- #
- # Example (Equality):
- #
- # title: "Requestor is owner"
- # description: "Determines if requestor is the document owner"
- # expression: "document.owner == request.auth.claims.email"
- #
- # Example (Logic):
- #
- # title: "Public documents"
- # description: "Determine whether the document should be publicly visible"
- # expression: "document.type != 'private' && document.type != 'internal'"
- #
- # Example (Data Manipulation):
- #
- # title: "Notification string"
- # description: "Create a notification string with a timestamp."
- # expression: "'New message received at ' + string(document.create_time)"
- #
- # The exact variables and functions that may be referenced within an expression
- # are determined by the service that evaluates it. See the service
- # documentation for additional information.
- "title": "A String", # Optional. Title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
- },
- },
- "title": "A String", # Human readable title. Must be unique within the Policy.
- "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
- # must begin with a letter and only include alphanumeric and '_'. Format:
- # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
- # // of the `short_name` component is 50 characters.
- "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
- "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
- { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
- # AND over its fields. So a Condition is true if: 1) the request IP is from one
- # of the listed subnetworks AND 2) the originating device complies with the
- # listed device policy AND 3) all listed access levels are granted AND 4) the
- # request was sent at a time allowed by the DateTimeRestriction.
- "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
- # Condition to be true. If not specified, all devices are allowed.
- # given access level. A `DevicePolicy` specifies requirements for requests from
- # devices to be granted access levels, it does not do any enforcement on the
- # device. `DevicePolicy` acts as an AND over all specified fields, and each
- # repeated field is an OR over its elements. Any unset fields are ignored. For
- # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
- # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
- # true for requests originating from encrypted Linux desktops and encrypted
- # Windows desktops.
- "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
- # levels.
+ # services, along with a list of requirements necessary for the label to be
+ # applied.
+ "title": "A String", # Human readable title. Must be unique within the Policy.
+ "name": "A String", # Required. Resource name for the Access Level. The `short_name` component
+ # must begin with a letter and only include alphanumeric and '_'. Format:
+ # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
+ # // of the `short_name` component is 50 characters.
+ "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
+ "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
+ # `AccessLevel` to be applied. Default behavior is AND.
+ "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.
+ { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
+ # AND over its fields. So a Condition is true if: 1) the request IP is from one
+ # of the listed subnetworks AND 2) the originating device complies with the
+ # listed device policy AND 3) all listed access levels are granted AND 4) the
+ # request was sent at a time allowed by the DateTimeRestriction.
+ "regions": [ # The request must originate from one of the provided countries/regions.
+ # Must be valid ISO 3166-1 alpha-2 codes.
"A String",
],
- "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
- { # A restriction on the OS type and version of devices making requests.
- "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
- # Verifications includes requirements that the device is enterprise-managed,
- # conformant to domain policies, and the caller has permission to call
- # the API targeted by the request.
- "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
- # satisfies the constraint. Format: `"major.minor.patch"`.
- # Examples: `"10.5.301"`, `"9.2.1"`.
- "osType": "A String", # Required. The allowed OS type.
- },
+ "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
+ # a CIDR IP address block, the specified IP address portion must be properly
+ # truncated (i.e. all the host bits must be zero) or the input is considered
+ # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
+ # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+ # "2001:db8::1/32" is not. The originating IP of a request must be in one of
+ # the listed subnets in order for this Condition to be true. If empty, all IP
+ # addresses are allowed.
+ "A String",
],
- "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
- "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
- "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
- # Defaults to `false`.
- "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
+ # Condition to be true. If not specified, all devices are allowed.
+ # given access level. A `DevicePolicy` specifies requirements for requests from
+ # devices to be granted access levels, it does not do any enforcement on the
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
+ # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
+ # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
+ # true for requests originating from encrypted Linux desktops and encrypted
+ # Windows desktops.
+ "requireCorpOwned": True or False, # Whether the device needs to be corp owned.
+ "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.
+ "A String",
+ ],
+ "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management
+ # levels.
+ "A String",
+ ],
+ "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.
+ { # A restriction on the OS type and version of devices making requests.
+ "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS
+ # satisfies the constraint. Format: `"major.minor.patch"`.
+ # Examples: `"10.5.301"`, `"9.2.1"`.
+ "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.
+ # Verifications includes requirements that the device is enterprise-managed,
+ # conformant to domain policies, and the caller has permission to call
+ # the API targeted by the request.
+ "osType": "A String", # Required. The allowed OS type.
+ },
+ ],
+ "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.
+ "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
+ # Defaults to `false`.
+ },
+ "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
+ # resource name. Referencing an `AccessLevel` which does not exist is an
+ # error. All access levels listed must be granted for the Condition
+ # to be true. Example:
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+ "A String",
+ ],
+ "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
+ # its non-empty fields, each field must be false for the Condition overall to
+ # be satisfied. Defaults to false.
+ "members": [ # The request must be made by one of the provided user or service
+ # accounts. Groups are not supported.
+ # Syntax:
+ # `user:{emailid}`
+ # `serviceAccount:{emailid}`
+ # If not specified, a request may come from any user.
"A String",
],
},
- "members": [ # The request must be made by one of the provided user or service
- # accounts. Groups are not supported.
- # Syntax:
- # `user:{emailid}`
- # `serviceAccount:{emailid}`
- # If not specified, a request may come from any user.
- "A String",
- ],
- "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
- # a CIDR IP address block, the specified IP address portion must be properly
- # truncated (i.e. all the host bits must be zero) or the input is considered
- # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
- # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
- # "2001:db8::1/32" is not. The originating IP of a request must be in one of
- # the listed subnets in order for this Condition to be true. If empty, all IP
- # addresses are allowed.
- "A String",
- ],
- "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
- # its non-empty fields, each field must be false for the Condition overall to
- # be satisfied. Defaults to false.
- "regions": [ # The request must originate from one of the provided countries/regions.
- # Must be valid ISO 3166-1 alpha-2 codes.
- "A String",
- ],
- "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by
- # resource name. Referencing an `AccessLevel` which does not exist is an
- # error. All access levels listed must be granted for the Condition
- # to be true. Example:
- # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
- "A String",
- ],
+ ],
+ },
+ "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
+ "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
+ # to represent the necessary conditions for the level to apply to a request.
+ # See CEL spec at: https://github.com/google/cel-spec
+ "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
},
- ],
- "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is
- # granted this `AccessLevel`. If AND is used, each `Condition` in
- # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
- # is used, at least one `Condition` in `conditions` must be satisfied for the
- # `AccessLevel` to be applied. Default behavior is AND.
- },
- "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.
-}
+ },
+ }
updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
x__xgafv: string, V1 error format.
@@ -874,36 +874,12 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
- "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
- # different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). Each `Status` message contains
- # three pieces of data: error code, error message, and error details.
- #
- # You can find out more about this error model and how to work with it in the
- # [API Design Guide](https://cloud.google.com/apis/design/errors).
- "details": [ # A list of messages that carry the error details. There is a common set of
- # message types for APIs to use.
- {
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- ],
- "code": 42, # The status code, which should be an enum value of google.rpc.Code.
- "message": "A String", # A developer-facing error message, which should be in English. Any
- # user-facing error message should be localized and sent in the
- # google.rpc.Status.details field, or localized by the client.
- },
"metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
"response": { # The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
@@ -914,6 +890,30 @@
# `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ },
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
}</pre>
</div>