docs: update generated docs (#981)
diff --git a/docs/dyn/bigtableadmin_v2.projects.instances.tables.html b/docs/dyn/bigtableadmin_v2.projects.instances.tables.html
index 7b13648..69cfb67 100644
--- a/docs/dyn/bigtableadmin_v2.projects.instances.tables.html
+++ b/docs/dyn/bigtableadmin_v2.projects.instances.tables.html
@@ -105,6 +105,9 @@
<code><a href="#modifyColumnFamilies">modifyColumnFamilies(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Performs a series of column family modifications on the specified table.</p>
<p class="toc_element">
+ <code><a href="#restore">restore(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Create a new table by restoring from a completed backup. The new table</p>
+<p class="toc_element">
<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on a Table resource.</p>
<p class="toc_element">
@@ -158,11 +161,24 @@
{ # Request message for
# google.bigtable.admin.v2.BigtableTableAdmin.CreateTable
+ "tableId": "A String", # Required. The name by which the new table should be referred to within the parent
+ # instance, e.g., `foobar` rather than `{parent}/tables/foobar`.
+ # Maximum 50 characters.
"table": { # A collection of user data indexed by row, column, and timestamp. # Required. The Table to create.
# Each table is served using the resources of its parent cluster.
- "name": "A String", # Output only. The unique name of the table. Values are of the form
- # `projects/<project>/instances/<instance>/tables/_a-zA-Z0-9*`.
- # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
+ "restoreInfo": { # Information about a table restore. # Output only. If this table was restored from another data source (e.g. a backup), this
+ # field will be populated with information about the restore.
+ "sourceType": "A String", # The type of the restore source.
+ "backupInfo": { # Information about a backup. # Information about the backup used to restore the table. The backup
+ # may no longer exist.
+ "sourceTable": "A String", # Output only. Name of the table the backup was created from.
+ "backup": "A String", # Output only. Name of the backup.
+ "startTime": "A String", # Output only. The time that the backup was started. Row data in the backup
+ # will be no older than this timestamp.
+ "endTime": "A String", # Output only. This time that the backup was finished. Row data in the
+ # backup will be no newer than this timestamp.
+ },
+ },
"clusterStates": { # Output only. Map from cluster ID to per-cluster table state.
# If it could not be determined whether or not the table has data in a
# particular cluster (for example, if its zone is unavailable), then
@@ -172,13 +188,11 @@
"replicationState": "A String", # Output only. The state of replication for the table in this cluster.
},
},
- "granularity": "A String", # (`CreationOnly`)
- # The granularity (i.e. `MILLIS`) at which timestamps are stored in
- # this table. Timestamps not matching the granularity will be rejected.
+ "granularity": "A String", # Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored in this
+ # table. Timestamps not matching the granularity will be rejected.
# If unspecified at creation time, the value will be set to `MILLIS`.
# Views: `SCHEMA_VIEW`, `FULL`.
- "columnFamilies": { # (`CreationOnly`)
- # The column families configured for this table, mapped by column family ID.
+ "columnFamilies": { # The column families configured for this table, mapped by column family ID.
# Views: `SCHEMA_VIEW`, `FULL`
"a_key": { # A set of columns within a table which share a common configuration.
"gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
@@ -204,10 +218,10 @@
},
},
},
+ "name": "A String", # The unique name of the table. Values are of the form
+ # `projects/{project}/instances/{instance}/tables/_a-zA-Z0-9*`.
+ # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
},
- "tableId": "A String", # Required. The name by which the new table should be referred to within the parent
- # instance, e.g., `foobar` rather than `{parent}/tables/foobar`.
- # Maximum 50 characters.
"initialSplits": [ # The optional list of row keys that will be used to initially split the
# table into several tablets (tablets are similar to HBase regions).
# Given two split keys, `s1` and `s2`, three tablets will be created,
@@ -240,9 +254,19 @@
{ # A collection of user data indexed by row, column, and timestamp.
# Each table is served using the resources of its parent cluster.
- "name": "A String", # Output only. The unique name of the table. Values are of the form
- # `projects/<project>/instances/<instance>/tables/_a-zA-Z0-9*`.
- # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
+ "restoreInfo": { # Information about a table restore. # Output only. If this table was restored from another data source (e.g. a backup), this
+ # field will be populated with information about the restore.
+ "sourceType": "A String", # The type of the restore source.
+ "backupInfo": { # Information about a backup. # Information about the backup used to restore the table. The backup
+ # may no longer exist.
+ "sourceTable": "A String", # Output only. Name of the table the backup was created from.
+ "backup": "A String", # Output only. Name of the backup.
+ "startTime": "A String", # Output only. The time that the backup was started. Row data in the backup
+ # will be no older than this timestamp.
+ "endTime": "A String", # Output only. This time that the backup was finished. Row data in the
+ # backup will be no newer than this timestamp.
+ },
+ },
"clusterStates": { # Output only. Map from cluster ID to per-cluster table state.
# If it could not be determined whether or not the table has data in a
# particular cluster (for example, if its zone is unavailable), then
@@ -252,13 +276,11 @@
"replicationState": "A String", # Output only. The state of replication for the table in this cluster.
},
},
- "granularity": "A String", # (`CreationOnly`)
- # The granularity (i.e. `MILLIS`) at which timestamps are stored in
- # this table. Timestamps not matching the granularity will be rejected.
+ "granularity": "A String", # Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored in this
+ # table. Timestamps not matching the granularity will be rejected.
# If unspecified at creation time, the value will be set to `MILLIS`.
# Views: `SCHEMA_VIEW`, `FULL`.
- "columnFamilies": { # (`CreationOnly`)
- # The column families configured for this table, mapped by column family ID.
+ "columnFamilies": { # The column families configured for this table, mapped by column family ID.
# Views: `SCHEMA_VIEW`, `FULL`
"a_key": { # A set of columns within a table which share a common configuration.
"gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
@@ -284,6 +306,9 @@
},
},
},
+ "name": "A String", # The unique name of the table. Values are of the form
+ # `projects/{project}/instances/{instance}/tables/_a-zA-Z0-9*`.
+ # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
}</pre>
</div>
@@ -407,9 +432,19 @@
{ # A collection of user data indexed by row, column, and timestamp.
# Each table is served using the resources of its parent cluster.
- "name": "A String", # Output only. The unique name of the table. Values are of the form
- # `projects/<project>/instances/<instance>/tables/_a-zA-Z0-9*`.
- # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
+ "restoreInfo": { # Information about a table restore. # Output only. If this table was restored from another data source (e.g. a backup), this
+ # field will be populated with information about the restore.
+ "sourceType": "A String", # The type of the restore source.
+ "backupInfo": { # Information about a backup. # Information about the backup used to restore the table. The backup
+ # may no longer exist.
+ "sourceTable": "A String", # Output only. Name of the table the backup was created from.
+ "backup": "A String", # Output only. Name of the backup.
+ "startTime": "A String", # Output only. The time that the backup was started. Row data in the backup
+ # will be no older than this timestamp.
+ "endTime": "A String", # Output only. This time that the backup was finished. Row data in the
+ # backup will be no newer than this timestamp.
+ },
+ },
"clusterStates": { # Output only. Map from cluster ID to per-cluster table state.
# If it could not be determined whether or not the table has data in a
# particular cluster (for example, if its zone is unavailable), then
@@ -419,13 +454,11 @@
"replicationState": "A String", # Output only. The state of replication for the table in this cluster.
},
},
- "granularity": "A String", # (`CreationOnly`)
- # The granularity (i.e. `MILLIS`) at which timestamps are stored in
- # this table. Timestamps not matching the granularity will be rejected.
+ "granularity": "A String", # Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored in this
+ # table. Timestamps not matching the granularity will be rejected.
# If unspecified at creation time, the value will be set to `MILLIS`.
# Views: `SCHEMA_VIEW`, `FULL`.
- "columnFamilies": { # (`CreationOnly`)
- # The column families configured for this table, mapped by column family ID.
+ "columnFamilies": { # The column families configured for this table, mapped by column family ID.
# Views: `SCHEMA_VIEW`, `FULL`
"a_key": { # A set of columns within a table which share a common configuration.
"gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
@@ -451,6 +484,9 @@
},
},
},
+ "name": "A String", # The unique name of the table. Values are of the form
+ # `projects/{project}/instances/{instance}/tables/_a-zA-Z0-9*`.
+ # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
}</pre>
</div>
@@ -468,7 +504,7 @@
{ # Request message for `GetIamPolicy` method.
"options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
- # `GetIamPolicy`. This field is only used by Cloud IAM.
+ # `GetIamPolicy`.
"requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
#
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
@@ -477,6 +513,10 @@
# Requests for policies with any conditional bindings must specify version 3.
# Policies without any conditional bindings may specify any valid value or
# leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
},
}
@@ -498,10 +538,12 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
@@ -518,7 +560,9 @@
# },
# {
# "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
+ # "members": [
+ # "user:eve@example.com"
+ # ],
# "condition": {
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
@@ -551,120 +595,22 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "logType": "A String", # The log type that this config enables.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- },
- ],
- },
- ],
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
@@ -695,15 +641,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -754,6 +700,91 @@
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # },
+ # {
+ # "log_type": "ADMIN_READ"
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ"
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ "logType": "A String", # The log type that this config enables.
+ },
+ ],
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ },
+ ],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
@@ -766,6 +797,30 @@
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows
# you to overwrite a version `3` policy with a version `1` policy, and all of
# the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>
@@ -801,9 +856,19 @@
"tables": [ # The tables present in the requested instance.
{ # A collection of user data indexed by row, column, and timestamp.
# Each table is served using the resources of its parent cluster.
- "name": "A String", # Output only. The unique name of the table. Values are of the form
- # `projects/<project>/instances/<instance>/tables/_a-zA-Z0-9*`.
- # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
+ "restoreInfo": { # Information about a table restore. # Output only. If this table was restored from another data source (e.g. a backup), this
+ # field will be populated with information about the restore.
+ "sourceType": "A String", # The type of the restore source.
+ "backupInfo": { # Information about a backup. # Information about the backup used to restore the table. The backup
+ # may no longer exist.
+ "sourceTable": "A String", # Output only. Name of the table the backup was created from.
+ "backup": "A String", # Output only. Name of the backup.
+ "startTime": "A String", # Output only. The time that the backup was started. Row data in the backup
+ # will be no older than this timestamp.
+ "endTime": "A String", # Output only. This time that the backup was finished. Row data in the
+ # backup will be no newer than this timestamp.
+ },
+ },
"clusterStates": { # Output only. Map from cluster ID to per-cluster table state.
# If it could not be determined whether or not the table has data in a
# particular cluster (for example, if its zone is unavailable), then
@@ -813,13 +878,11 @@
"replicationState": "A String", # Output only. The state of replication for the table in this cluster.
},
},
- "granularity": "A String", # (`CreationOnly`)
- # The granularity (i.e. `MILLIS`) at which timestamps are stored in
- # this table. Timestamps not matching the granularity will be rejected.
+ "granularity": "A String", # Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored in this
+ # table. Timestamps not matching the granularity will be rejected.
# If unspecified at creation time, the value will be set to `MILLIS`.
# Views: `SCHEMA_VIEW`, `FULL`.
- "columnFamilies": { # (`CreationOnly`)
- # The column families configured for this table, mapped by column family ID.
+ "columnFamilies": { # The column families configured for this table, mapped by column family ID.
# Views: `SCHEMA_VIEW`, `FULL`
"a_key": { # A set of columns within a table which share a common configuration.
"gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
@@ -845,6 +908,9 @@
},
},
},
+ "name": "A String", # The unique name of the table. Values are of the form
+ # `projects/{project}/instances/{instance}/tables/_a-zA-Z0-9*`.
+ # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
},
],
"nextPageToken": "A String", # Set if not all tables could be returned in a single response.
@@ -888,31 +954,6 @@
# masked by later ones (in the case of repeated updates to the same family,
# for example).
{ # A create, update, or delete of a particular column family.
- "id": "A String", # The ID of the column family to be modified.
- "update": { # A set of columns within a table which share a common configuration. # Update an existing column family to the specified schema, or fail
- # if no column family exists with the given ID.
- "gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
- # Must serialize to at most 500 bytes.
- #
- # NOTE: Garbage collection executes opportunistically in the background, and
- # so it's possible for reads to return a cell even if it matches the active
- # GC expression for its family.
- "maxNumVersions": 42, # Delete all cells in a column except the most recent N.
- "maxAge": "A String", # Delete cells in a column older than the given age.
- # Values must be at least one millisecond, and will be truncated to
- # microsecond granularity.
- "intersection": { # A GcRule which deletes cells matching all of the given rules. # Delete cells that would be deleted by every nested rule.
- "rules": [ # Only delete cells which would be deleted by every element of `rules`.
- # Object with schema name: GcRule
- ],
- },
- "union": { # A GcRule which deletes cells matching any of the given rules. # Delete cells that would be deleted by any nested rule.
- "rules": [ # Delete cells which would be deleted by any element of `rules`.
- # Object with schema name: GcRule
- ],
- },
- },
- },
"create": { # A set of columns within a table which share a common configuration. # Create a new column family with the specified schema, or fail if
# one already exists with the given ID.
"gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
@@ -937,8 +978,33 @@
},
},
},
+ "update": { # A set of columns within a table which share a common configuration. # Update an existing column family to the specified schema, or fail
+ # if no column family exists with the given ID.
+ "gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
+ # Must serialize to at most 500 bytes.
+ #
+ # NOTE: Garbage collection executes opportunistically in the background, and
+ # so it's possible for reads to return a cell even if it matches the active
+ # GC expression for its family.
+ "maxNumVersions": 42, # Delete all cells in a column except the most recent N.
+ "maxAge": "A String", # Delete cells in a column older than the given age.
+ # Values must be at least one millisecond, and will be truncated to
+ # microsecond granularity.
+ "intersection": { # A GcRule which deletes cells matching all of the given rules. # Delete cells that would be deleted by every nested rule.
+ "rules": [ # Only delete cells which would be deleted by every element of `rules`.
+ # Object with schema name: GcRule
+ ],
+ },
+ "union": { # A GcRule which deletes cells matching any of the given rules. # Delete cells that would be deleted by any nested rule.
+ "rules": [ # Delete cells which would be deleted by any element of `rules`.
+ # Object with schema name: GcRule
+ ],
+ },
+ },
+ },
"drop": True or False, # Drop (delete) the column family with the given ID, or fail if no such
# family exists.
+ "id": "A String", # The ID of the column family to be modified.
},
],
}
@@ -953,9 +1019,19 @@
{ # A collection of user data indexed by row, column, and timestamp.
# Each table is served using the resources of its parent cluster.
- "name": "A String", # Output only. The unique name of the table. Values are of the form
- # `projects/<project>/instances/<instance>/tables/_a-zA-Z0-9*`.
- # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
+ "restoreInfo": { # Information about a table restore. # Output only. If this table was restored from another data source (e.g. a backup), this
+ # field will be populated with information about the restore.
+ "sourceType": "A String", # The type of the restore source.
+ "backupInfo": { # Information about a backup. # Information about the backup used to restore the table. The backup
+ # may no longer exist.
+ "sourceTable": "A String", # Output only. Name of the table the backup was created from.
+ "backup": "A String", # Output only. Name of the backup.
+ "startTime": "A String", # Output only. The time that the backup was started. Row data in the backup
+ # will be no older than this timestamp.
+ "endTime": "A String", # Output only. This time that the backup was finished. Row data in the
+ # backup will be no newer than this timestamp.
+ },
+ },
"clusterStates": { # Output only. Map from cluster ID to per-cluster table state.
# If it could not be determined whether or not the table has data in a
# particular cluster (for example, if its zone is unavailable), then
@@ -965,13 +1041,11 @@
"replicationState": "A String", # Output only. The state of replication for the table in this cluster.
},
},
- "granularity": "A String", # (`CreationOnly`)
- # The granularity (i.e. `MILLIS`) at which timestamps are stored in
- # this table. Timestamps not matching the granularity will be rejected.
+ "granularity": "A String", # Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored in this
+ # table. Timestamps not matching the granularity will be rejected.
# If unspecified at creation time, the value will be set to `MILLIS`.
# Views: `SCHEMA_VIEW`, `FULL`.
- "columnFamilies": { # (`CreationOnly`)
- # The column families configured for this table, mapped by column family ID.
+ "columnFamilies": { # The column families configured for this table, mapped by column family ID.
# Views: `SCHEMA_VIEW`, `FULL`
"a_key": { # A set of columns within a table which share a common configuration.
"gcRule": { # Rule for determining which cells to delete during garbage collection. # Garbage collection rule specified as a protobuf.
@@ -997,6 +1071,90 @@
},
},
},
+ "name": "A String", # The unique name of the table. Values are of the form
+ # `projects/{project}/instances/{instance}/tables/_a-zA-Z0-9*`.
+ # Views: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="restore">restore(parent, body=None, x__xgafv=None)</code>
+ <pre>Create a new table by restoring from a completed backup. The new table
+must be in the same instance as the instance containing the backup. The
+returned table long-running operation can
+be used to track the progress of the operation, and to cancel it. The
+metadata field type is
+RestoreTableMetadata. The
+response type is
+Table, if successful.
+
+Args:
+ parent: string, Required. The name of the instance in which to create the restored
+table. This instance must be the parent of the source backup. Values are
+of the form `projects/<project>/instances/<instance>`. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # The request for
+ # RestoreTable.
+ "backup": "A String", # Name of the backup from which to restore. Values are of the form
+ # `projects/<project>/instances/<instance>/clusters/<cluster>/backups/<backup>`.
+ "tableId": "A String", # Required. The id of the table to create and restore to. This
+ # table must not already exist. The `table_id` appended to
+ # `parent` forms the full table name of the form
+ # `projects/<project>/instances/<instance>/tables/<table_id>`.
+ }
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a
+ # network API call.
+ "metadata": { # Service-specific metadata associated with the operation. It typically
+ # contains progress information and common metadata such as create time.
+ # Some services might not provide such metadata. Any method that returns a
+ # long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+ # different programming environments, including REST APIs and RPC APIs. It is
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
+ #
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
+ "details": [ # A list of messages that carry the error details. There is a common set of
+ # message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any
+ # user-facing error message should be localized and sent in the
+ # google.rpc.Status.details field, or localized by the client.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ },
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
}</pre>
</div>
@@ -1012,6 +1170,11 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
+ "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+ # the fields in the mask will be modified. If no mask is provided, the
+ # following default mask is used:
+ #
+ # `paths: "bindings, etag"`
"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
# the policy is limited to a few 10s of KB. An empty policy is a
# valid policy but certain Cloud Platform services (such as Projects)
@@ -1025,10 +1188,12 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
@@ -1045,7 +1210,9 @@
# },
# {
# "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
+ # "members": [
+ # "user:eve@example.com"
+ # ],
# "condition": {
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
@@ -1078,120 +1245,22 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "logType": "A String", # The log type that this config enables.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- },
- ],
- },
- ],
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
@@ -1222,15 +1291,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -1281,6 +1350,91 @@
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # },
+ # {
+ # "log_type": "ADMIN_READ"
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ"
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ "logType": "A String", # The log type that this config enables.
+ },
+ ],
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ },
+ ],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
@@ -1293,12 +1447,31 @@
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows
# you to overwrite a version `3` policy with a version `1` policy, and all of
# the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
},
- "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
- # the fields in the mask will be modified. If no mask is provided, the
- # following default mask is used:
- # paths: "bindings, etag"
- # This field is only used by Cloud IAM.
}
x__xgafv: string, V1 error format.
@@ -1319,10 +1492,12 @@
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
#
- # Optionally, a `binding` can specify a `condition`, which is a logical
- # expression that allows access to a resource only if the expression evaluates
- # to `true`. A condition can add constraints based on attributes of the
- # request, the resource, or both.
+ # For some types of Google Cloud resources, a `binding` can also specify a
+ # `condition`, which is a logical expression that allows access to a resource
+ # only if the expression evaluates to `true`. A condition can add constraints
+ # based on attributes of the request, the resource, or both. To learn which
+ # resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
#
# **JSON example:**
#
@@ -1339,7 +1514,9 @@
# },
# {
# "role": "roles/resourcemanager.organizationViewer",
- # "members": ["user:eve@example.com"],
+ # "members": [
+ # "user:eve@example.com"
+ # ],
# "condition": {
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
@@ -1372,120 +1549,22 @@
#
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
- "version": 42, # Specifies the format of the policy.
- #
- # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
- # are rejected.
- #
- # Any operation that affects conditional role bindings must specify version
- # `3`. This requirement applies to the following operations:
- #
- # * Getting a policy that includes a conditional role binding
- # * Adding a conditional role binding to a policy
- # * Changing a conditional role binding in a policy
- # * Removing any role binding, with or without a condition, from a policy
- # that includes conditions
- #
- # **Important:** If you use IAM Conditions, you must include the `etag` field
- # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
- # you to overwrite a version `3` policy with a version `1` policy, and all of
- # the conditions in the version `3` policy are lost.
- #
- # If a policy does not include any conditions, operations on that policy may
- # specify any valid version or leave the field unset.
- "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
- { # Specifies the audit configuration for a service.
- # The configuration determines which permission types are logged, and what
- # identities, if any, are exempted from logging.
- # An AuditConfig must have one or more AuditLogConfigs.
- #
- # If there are AuditConfigs for both `allServices` and a specific service,
- # the union of the two AuditConfigs is used for that service: the log_types
- # specified in each AuditConfig are enabled, and the exempted_members in each
- # AuditLogConfig are exempted.
- #
- # Example Policy with multiple AuditConfigs:
- #
- # {
- # "audit_configs": [
- # {
- # "service": "allServices"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # },
- # {
- # "log_type": "ADMIN_READ",
- # }
- # ]
- # },
- # {
- # "service": "sampleservice.googleapis.com"
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # },
- # {
- # "log_type": "DATA_WRITE",
- # "exempted_members": [
- # "user:aliya@example.com"
- # ]
- # }
- # ]
- # }
- # ]
- # }
- #
- # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts jose@example.com from DATA_READ logging, and
- # aliya@example.com from DATA_WRITE logging.
- "service": "A String", # Specifies a service that will be enabled for audit logging.
- # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
- # `allServices` is a special value that covers all services.
- "auditLogConfigs": [ # The configuration for logging of each type of permission.
- { # Provides the configuration for logging a type of permissions.
- # Example:
- #
- # {
- # "audit_log_configs": [
- # {
- # "log_type": "DATA_READ",
- # "exempted_members": [
- # "user:jose@example.com"
- # ]
- # },
- # {
- # "log_type": "DATA_WRITE",
- # }
- # ]
- # }
- #
- # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # jose@example.com from DATA_READ logging.
- "logType": "A String", # The log type that this config enables.
- "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
- # permission.
- # Follows the same format of Binding.members.
- "A String",
- ],
- },
- ],
- },
- ],
"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
+ #
+ # If the condition evaluates to `true`, then this binding applies to the
+ # current request.
+ #
+ # If the condition evaluates to `false`, then this binding does not apply to
+ # the current request. However, a different role binding might grant the same
+ # role to one or more of the members in this binding.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
@@ -1516,15 +1595,15 @@
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
- "location": "A String", # Optional. String indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "description": "A String", # Optional. Description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in Common Expression Language
- # syntax.
},
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
@@ -1575,6 +1654,91 @@
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
+ "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
+ { # Specifies the audit configuration for a service.
+ # The configuration determines which permission types are logged, and what
+ # identities, if any, are exempted from logging.
+ # An AuditConfig must have one or more AuditLogConfigs.
+ #
+ # If there are AuditConfigs for both `allServices` and a specific service,
+ # the union of the two AuditConfigs is used for that service: the log_types
+ # specified in each AuditConfig are enabled, and the exempted_members in each
+ # AuditLogConfig are exempted.
+ #
+ # Example Policy with multiple AuditConfigs:
+ #
+ # {
+ # "audit_configs": [
+ # {
+ # "service": "allServices",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # },
+ # {
+ # "log_type": "ADMIN_READ"
+ # }
+ # ]
+ # },
+ # {
+ # "service": "sampleservice.googleapis.com",
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ"
+ # },
+ # {
+ # "log_type": "DATA_WRITE",
+ # "exempted_members": [
+ # "user:aliya@example.com"
+ # ]
+ # }
+ # ]
+ # }
+ # ]
+ # }
+ #
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
+ "auditLogConfigs": [ # The configuration for logging of each type of permission.
+ { # Provides the configuration for logging a type of permissions.
+ # Example:
+ #
+ # {
+ # "audit_log_configs": [
+ # {
+ # "log_type": "DATA_READ",
+ # "exempted_members": [
+ # "user:jose@example.com"
+ # ]
+ # },
+ # {
+ # "log_type": "DATA_WRITE"
+ # }
+ # ]
+ # }
+ #
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ # jose@example.com from DATA_READ logging.
+ "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
+ # permission.
+ # Follows the same format of Binding.members.
+ "A String",
+ ],
+ "logType": "A String", # The log type that this config enables.
+ },
+ ],
+ "service": "A String", # Specifies a service that will be enabled for audit logging.
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+ # `allServices` is a special value that covers all services.
+ },
+ ],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
@@ -1587,6 +1751,30 @@
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows
# you to overwrite a version `3` policy with a version `1` policy, and all of
# the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
+ #
+ # To learn which resources support conditions in their IAM policies, see the
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>