chore: regens API reference docs (#889)

diff --git a/docs/dyn/accesscontextmanager_v1.accessPolicies.servicePerimeters.html b/docs/dyn/accesscontextmanager_v1.accessPolicies.servicePerimeters.html
index c26b8e1..f5e1626 100644
--- a/docs/dyn/accesscontextmanager_v1.accessPolicies.servicePerimeters.html
+++ b/docs/dyn/accesscontextmanager_v1.accessPolicies.servicePerimeters.html
@@ -75,87 +75,62 @@
 <h1><a href="accesscontextmanager_v1.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1.accessPolicies.servicePerimeters.html">servicePerimeters</a></h1>
 <h2>Instance Methods</h2>
 <p class="toc_element">
-  <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Create an Service Perimeter. The</p>
+  <code><a href="#commit">commit(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Commit the dry-run spec for all the Service Perimeters in an</p>
+<p class="toc_element">
+  <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Create a Service Perimeter. The</p>
 <p class="toc_element">
   <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
-<p class="firstline">Delete an Service Perimeter by resource</p>
+<p class="firstline">Delete a Service Perimeter by resource</p>
 <p class="toc_element">
   <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
-<p class="firstline">Get an Service Perimeter by resource</p>
+<p class="firstline">Get a Service Perimeter by resource</p>
 <p class="toc_element">
-  <code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
+  <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
 <p class="firstline">List all Service Perimeters for an</p>
 <p class="toc_element">
   <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
 <p class="firstline">Retrieves the next page of results.</p>
 <p class="toc_element">
-  <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Update an Service Perimeter. The</p>
+  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Update a Service Perimeter. The</p>
+<p class="toc_element">
+  <code><a href="#replaceAll">replaceAll(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Replace all existing Service Perimeters in an</p>
 <h3>Method Details</h3>
 <div class="method">
-    <code class="details" id="create">create(parent, body, x__xgafv=None)</code>
-  <pre>Create an Service Perimeter. The
-longrunning operation from this RPC will have a successful status once the
-Service Perimeter has
-propagated to long-lasting storage. Service Perimeters containing
-errors will result in an error response for the first error encountered.
+    <code class="details" id="commit">commit(parent, body=None, x__xgafv=None)</code>
+  <pre>Commit the dry-run spec for all the Service Perimeters in an
+Access Policy.
+A commit operation on a Service Perimeter involves copying its `spec` field
+to that Service Perimeter's `status` field. Only Service Perimeters with
+`use_explicit_dry_run_spec` field set to true are affected by a commit
+operation. The longrunning operation from this RPC will have a successful
+status once the dry-run specs for all the Service Perimeters have been
+committed. If a commit fails, it will cause the longrunning operation to
+return an error response and the entire commit operation will be cancelled.
+When successful, Operation.response field will contain
+CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
+be cleared after a successful commit operation.
 
 Args:
-  parent: string, Required. Resource name for the access policy which owns this Service
-Perimeter.
+  parent: string, Required. Resource name for the parent Access Policy which owns all
+Service Perimeters in scope for
+the commit operation.
 
 Format: `accessPolicies/{policy_id}` (required)
-  body: object, The request body. (required)
+  body: object, The request body.
     The object takes the form of:
 
-{ # `ServicePerimeter` describes a set of GCP resources which can freely import
-      # and export data amongst themselves, but not export outside of the
-      # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
-      # has a target outside of the `ServicePerimeter`, the request will be blocked.
-      # Otherwise the request is allowed. There are two types of Service Perimeter -
-      # Regular and Bridge. Regular Service Perimeters cannot overlap, a single GCP
-      # project can only belong to a single regular Service Perimeter. Service
-      # Perimeter Bridges can contain only GCP projects as members, a single GCP
-      # project may belong to multiple Service Perimeter Bridges.
-    "status": { # `ServicePerimeterConfig` specifies a set of GCP resources that describe # Current ServicePerimeter configuration. Specifies sets of resources,
-        # restricted services and access levels that determine perimeter
-        # content and boundaries.
-        # specific Service Perimeter configuration.
-      "restrictedServices": [ # GCP services that are subject to the Service Perimeter restrictions. For
-          # example, if `storage.googleapis.com` is specified, access to the storage
-          # buckets inside the perimeter must meet the perimeter's access restrictions.
-        "A String",
-      ],
-      "resources": [ # A list of GCP resources that are inside of the service perimeter.
-          # Currently only projects are allowed. Format: `projects/{project_number}`
-        "A String",
-      ],
-      "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
-          # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
-          # must be in the same policy as this `ServicePerimeter`. Referencing a
-          # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
-          # listed, resources within the perimeter can only be accessed via GCP calls
-          # with request origins within the perimeter. Example:
-          # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
-          # For Service Perimeter Bridge, must be empty.
-        "A String",
-      ],
-    },
-    "updateTime": "A String", # Output only. Time the `ServicePerimeter` was updated in UTC.
-    "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
-        # component must begin with a letter and only include alphanumeric and '_'.
-        # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
-    "title": "A String", # Human readable title. Must be unique within the Policy.
-    "perimeterType": "A String", # Perimeter type indicator. A single project is
-        # allowed to be a member of single regular perimeter, but multiple service
-        # perimeter bridges. A project cannot be a included in a perimeter bridge
-        # without being included in regular perimeter. For perimeter bridges,
-        # the restricted service list as well as access level lists must be
-        # empty.
-    "createTime": "A String", # Output only. Time the `ServicePerimeter` was created in UTC.
-    "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
-        # behavior.
+{ # A request to commit dry-run specs in all Service Perimeters belonging to
+      # an Access Policy.
+    "etag": "A String", # Optional. The etag for the version of the Access Policy that this
+        # commit operation is to be performed on. If, at the time of commit, the
+        # etag for the Access Policy stored in Access Context Manager is different
+        # from the specified etag, then the commit operation will not be performed
+        # and the call will fail. This field is not required. If etag is not
+        # provided, the operation will be performed as if a valid etag is provided.
   }
 
   x__xgafv: string, V1 error format.
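Review bot: The last sentence of the new `commit` description says "The `dry_run` and the `spec` fields will be cleared after a successful commit operation", but the earlier sentence in the same block calls the flag `use_explicit_dry_run_spec`; use one name so it is clear which field is reset. The `etag` comment should also be firmer. It says that without an etag the operation is "performed as if a valid etag is provided", and a commit copies `spec` into the enforced `status` for every affected perimeter in the policy, so the text should recommend passing the etag of the policy version that was actually reviewed. Since this page is regenerated output, both changes belong in the API description it is generated from.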
@@ -212,8 +187,180 @@
 </div>
 
 <div class="method">
+    <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
+  <pre>Create a Service Perimeter. The
+longrunning operation from this RPC will have a successful status once the
+Service Perimeter has
+propagated to long-lasting storage. Service Perimeters containing
+errors will result in an error response for the first error encountered.
+
+Args:
+  parent: string, Required. Resource name for the access policy which owns this Service
+Perimeter.
+
+Format: `accessPolicies/{policy_id}` (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
+    # import and export data amongst themselves, but not export outside of the
+    # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+    # has a target outside of the `ServicePerimeter`, the request will be blocked.
+    # Otherwise the request is allowed. There are two types of Service Perimeter -
+    # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+    # Google Cloud project can only belong to a single regular Service Perimeter.
+    # Service Perimeter Bridges can contain only Google Cloud projects as members,
+    # a single Google Cloud project may belong to multiple Service Perimeter
+    # Bridges.
+  "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+      # restricted services and access levels that determine perimeter
+      # content and boundaries.
+      # describe specific Service Perimeter configuration.
+    "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+        # restrictions. For example, if `storage.googleapis.com` is specified, access
+        # to the storage buckets inside the perimeter must meet the perimeter's
+        # access restrictions.
+      "A String",
+    ],
+    "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+        # Perimeter.
+      "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+          # APIs specified in 'allowed_services'.
+      "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+          # unless 'enable_restriction' is True.
+        "A String",
+      ],
+    },
+    "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+        # Currently only projects are allowed. Format: `projects/{project_number}`
+      "A String",
+    ],
+    "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+        # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+        # must be in the same policy as this `ServicePerimeter`. Referencing a
+        # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+        # listed, resources within the perimeter can only be accessed via Google
+        # Cloud calls with request origins within the perimeter. Example:
+        # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+        # For Service Perimeter Bridge, must be empty.
+      "A String",
+    ],
+  },
+  "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+      # behavior.
+  "title": "A String", # Human readable title. Must be unique within the Policy.
+  "perimeterType": "A String", # Perimeter type indicator. A single project is
+      # allowed to be a member of single regular perimeter, but multiple service
+      # perimeter bridges. A project cannot be a included in a perimeter bridge
+      # without being included in regular perimeter. For perimeter bridges,
+      # the restricted service list as well as access level lists must be
+      # empty.
+  "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
+      # exists  for all Service Perimeters, and that spec is identical to the
+      # status for those Service Perimeters. When this flag is set, it inhibits the
+      # generation of the implicit spec, thereby allowing the user to explicitly
+      # provide a configuration ("spec") to use in a dry-run version of the Service
+      # Perimeter. This allows the user to test changes to the enforced config
+      # ("status") without actually enforcing them. This testing is done through
+      # analyzing the differences between currently enforced and suggested
+      # restrictions. use_explicit_dry_run_spec must bet set to True if any of the
+      # fields in the spec are set to non-default values.
+  "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration
+      # allows to specify and test ServicePerimeter configuration without enforcing
+      # actual access restrictions. Only allowed to be set when the
+      # "use_explicit_dry_run_spec" flag is set.
+      # describe specific Service Perimeter configuration.
+    "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+        # restrictions. For example, if `storage.googleapis.com` is specified, access
+        # to the storage buckets inside the perimeter must meet the perimeter's
+        # access restrictions.
+      "A String",
+    ],
+    "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+        # Perimeter.
+      "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+          # APIs specified in 'allowed_services'.
+      "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+          # unless 'enable_restriction' is True.
+        "A String",
+      ],
+    },
+    "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+        # Currently only projects are allowed. Format: `projects/{project_number}`
+      "A String",
+    ],
+    "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+        # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+        # must be in the same policy as this `ServicePerimeter`. Referencing a
+        # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+        # listed, resources within the perimeter can only be accessed via Google
+        # Cloud calls with request origins within the perimeter. Example:
+        # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+        # For Service Perimeter Bridge, must be empty.
+      "A String",
+    ],
+  },
+  "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
+      # component must begin with a letter and only include alphanumeric and '_'.
+      # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a
+      # network API call.
+    "metadata": { # Service-specific metadata associated with the operation.  It typically
+        # contains progress information and common metadata such as create time.
+        # Some services might not provide such metadata.  Any method that returns a
+        # long-running operation should document the metadata type, if any.
+      "a_key": "", # Properties of the object. Contains field @type with type URL.
+    },
+    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      "message": "A String", # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+      "details": [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          "a_key": "", # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+    },
+    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+        # If `true`, the operation is completed, and either `error` or `response` is
+        # available.
+    "response": { # The normal response of the operation in case of success.  If the original
+        # method returns no data on success, such as `Delete`, the response is
+        # `google.protobuf.Empty`.  If the original method is standard
+        # `Get`/`Create`/`Update`, the response should be the resource.  For other
+        # methods, the response should have the type `XxxResponse`, where `Xxx`
+        # is the original method name.  For example, if the original method name
+        # is `TakeSnapshot()`, the inferred response type is
+        # `TakeSnapshotResponse`.
+      "a_key": "", # Properties of the object. Contains field @type with type URL.
+    },
+    "name": "A String", # The server-assigned name, which is only unique within the same service that
+        # originally returns it. If you use the default HTTP mapping, the
+        # `name` should be a resource name ending with `operations/{unique_id}`.
+  }</pre>
+</div>
+
+<div class="method">
     <code class="details" id="delete">delete(name, x__xgafv=None)</code>
-  <pre>Delete an Service Perimeter by resource
+  <pre>Delete a Service Perimeter by resource
 name. The longrunning operation from this RPC will have a successful status
 once the Service Perimeter has been
 removed from long-lasting storage.
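Review bot: In the added `create` section the body line now reads "body: object, The request body." and the signature defaults to `body=None`, while the object still documents `name` as "Required"; a call without a body would omit a required field, so either keep the required marker on `body` or say why it was dropped. Two wording defects come in with the new text: "use_explicit_dry_run_spec must bet set to True" in the `useExplicitDryRunSpec` comment, and "cannot be a included in a perimeter bridge" under `perimeterType`. The `status` and `spec` descriptions are also interleaved with the field comment, so "specifies a set of Google Cloud resources that" is only completed a few lines later by "describe specific Service Perimeter configuration."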
@@ -278,7 +425,7 @@
 
 <div class="method">
     <code class="details" id="get">get(name, x__xgafv=None)</code>
-  <pre>Get an Service Perimeter by resource
+  <pre>Get a Service Perimeter by resource
 name.
 
 Args:
@@ -294,58 +441,112 @@
 Returns:
   An object of the form:
 
-    { # `ServicePerimeter` describes a set of GCP resources which can freely import
-        # and export data amongst themselves, but not export outside of the
-        # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
-        # has a target outside of the `ServicePerimeter`, the request will be blocked.
-        # Otherwise the request is allowed. There are two types of Service Perimeter -
-        # Regular and Bridge. Regular Service Perimeters cannot overlap, a single GCP
-        # project can only belong to a single regular Service Perimeter. Service
-        # Perimeter Bridges can contain only GCP projects as members, a single GCP
-        # project may belong to multiple Service Perimeter Bridges.
-      "status": { # `ServicePerimeterConfig` specifies a set of GCP resources that describe # Current ServicePerimeter configuration. Specifies sets of resources,
-          # restricted services and access levels that determine perimeter
-          # content and boundaries.
-          # specific Service Perimeter configuration.
-        "restrictedServices": [ # GCP services that are subject to the Service Perimeter restrictions. For
-            # example, if `storage.googleapis.com` is specified, access to the storage
-            # buckets inside the perimeter must meet the perimeter's access restrictions.
-          "A String",
-        ],
-        "resources": [ # A list of GCP resources that are inside of the service perimeter.
-            # Currently only projects are allowed. Format: `projects/{project_number}`
-          "A String",
-        ],
-        "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
-            # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
-            # must be in the same policy as this `ServicePerimeter`. Referencing a
-            # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
-            # listed, resources within the perimeter can only be accessed via GCP calls
-            # with request origins within the perimeter. Example:
-            # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
-            # For Service Perimeter Bridge, must be empty.
+    { # `ServicePerimeter` describes a set of Google Cloud resources which can freely
+      # import and export data amongst themselves, but not export outside of the
+      # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+      # has a target outside of the `ServicePerimeter`, the request will be blocked.
+      # Otherwise the request is allowed. There are two types of Service Perimeter -
+      # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+      # Google Cloud project can only belong to a single regular Service Perimeter.
+      # Service Perimeter Bridges can contain only Google Cloud projects as members,
+      # a single Google Cloud project may belong to multiple Service Perimeter
+      # Bridges.
+    "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+        # restricted services and access levels that determine perimeter
+        # content and boundaries.
+        # describe specific Service Perimeter configuration.
+      "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+          # restrictions. For example, if `storage.googleapis.com` is specified, access
+          # to the storage buckets inside the perimeter must meet the perimeter's
+          # access restrictions.
+        "A String",
+      ],
+      "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+          # Perimeter.
+        "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+            # APIs specified in 'allowed_services'.
+        "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+            # unless 'enable_restriction' is True.
           "A String",
         ],
       },
-      "updateTime": "A String", # Output only. Time the `ServicePerimeter` was updated in UTC.
-      "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
-          # component must begin with a letter and only include alphanumeric and '_'.
-          # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
-      "title": "A String", # Human readable title. Must be unique within the Policy.
-      "perimeterType": "A String", # Perimeter type indicator. A single project is
-          # allowed to be a member of single regular perimeter, but multiple service
-          # perimeter bridges. A project cannot be a included in a perimeter bridge
-          # without being included in regular perimeter. For perimeter bridges,
-          # the restricted service list as well as access level lists must be
-          # empty.
-      "createTime": "A String", # Output only. Time the `ServicePerimeter` was created in UTC.
-      "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
-          # behavior.
-    }</pre>
+      "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+          # Currently only projects are allowed. Format: `projects/{project_number}`
+        "A String",
+      ],
+      "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+          # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+          # must be in the same policy as this `ServicePerimeter`. Referencing a
+          # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+          # listed, resources within the perimeter can only be accessed via Google
+          # Cloud calls with request origins within the perimeter. Example:
+          # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+          # For Service Perimeter Bridge, must be empty.
+        "A String",
+      ],
+    },
+    "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+        # behavior.
+    "title": "A String", # Human readable title. Must be unique within the Policy.
+    "perimeterType": "A String", # Perimeter type indicator. A single project is
+        # allowed to be a member of single regular perimeter, but multiple service
+        # perimeter bridges. A project cannot be a included in a perimeter bridge
+        # without being included in regular perimeter. For perimeter bridges,
+        # the restricted service list as well as access level lists must be
+        # empty.
+    "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
+        # exists  for all Service Perimeters, and that spec is identical to the
+        # status for those Service Perimeters. When this flag is set, it inhibits the
+        # generation of the implicit spec, thereby allowing the user to explicitly
+        # provide a configuration ("spec") to use in a dry-run version of the Service
+        # Perimeter. This allows the user to test changes to the enforced config
+        # ("status") without actually enforcing them. This testing is done through
+        # analyzing the differences between currently enforced and suggested
+        # restrictions. use_explicit_dry_run_spec must bet set to True if any of the
+        # fields in the spec are set to non-default values.
+    "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration
+        # allows to specify and test ServicePerimeter configuration without enforcing
+        # actual access restrictions. Only allowed to be set when the
+        # "use_explicit_dry_run_spec" flag is set.
+        # describe specific Service Perimeter configuration.
+      "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+          # restrictions. For example, if `storage.googleapis.com` is specified, access
+          # to the storage buckets inside the perimeter must meet the perimeter's
+          # access restrictions.
+        "A String",
+      ],
+      "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+          # Perimeter.
+        "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+            # APIs specified in 'allowed_services'.
+        "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+            # unless 'enable_restriction' is True.
+          "A String",
+        ],
+      },
+      "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+          # Currently only projects are allowed. Format: `projects/{project_number}`
+        "A String",
+      ],
+      "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+          # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+          # must be in the same policy as this `ServicePerimeter`. Referencing a
+          # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+          # listed, resources within the perimeter can only be accessed via Google
+          # Cloud calls with request origins within the perimeter. Example:
+          # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+          # For Service Perimeter Bridge, must be empty.
+        "A String",
+      ],
+    },
+    "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
+        # component must begin with a letter and only include alphanumeric and '_'.
+        # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+  }</pre>
 </div>
 
 <div class="method">
-    <code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</code>
+    <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
   <pre>List all Service Perimeters for an
 access policy.
 
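Review bot: The regenerated `get` response no longer lists the output-only `createTime` and `updateTime` fields that the removed lines documented, and none of the added lines replace them. If the API still returns them, the reference should keep them; if they were removed from the resource, that is a visible change for anyone reading `updateTime` to track perimeter modifications and deserves a mention in the commit message rather than only "regens API reference docs". The "must bet set to True" typo is repeated in this copy of the `useExplicitDryRunSpec` comment.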
@@ -354,14 +555,14 @@
 
 Format:
 `accessPolicies/{policy_id}` (required)
+  pageSize: integer, Number of Service Perimeters to include
+in the list. Default 100.
   pageToken: string, Next page token for the next batch of Service Perimeter instances.
 Defaults to the first page of results.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
       2 - v2 error format
-  pageSize: integer, Number of Service Perimeters to include
-in the list. Default 100.
 
 Returns:
   An object of the form:
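Review bot: The `list` signature and the Args block now place `pageSize` ahead of `pageToken` and `x__xgafv`, which changes the documented parameter order without changing any parameter. Please confirm the reorder comes only from the generator's sorting and is not meant to signal a change in how the method is called. The `pageSize` entry could also state the largest accepted value next to "Default 100".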
@@ -370,54 +571,108 @@
     "nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is
         # empty, no further results remain.
     "servicePerimeters": [ # List of the Service Perimeter instances.
-      { # `ServicePerimeter` describes a set of GCP resources which can freely import
-            # and export data amongst themselves, but not export outside of the
-            # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
-            # has a target outside of the `ServicePerimeter`, the request will be blocked.
-            # Otherwise the request is allowed. There are two types of Service Perimeter -
-            # Regular and Bridge. Regular Service Perimeters cannot overlap, a single GCP
-            # project can only belong to a single regular Service Perimeter. Service
-            # Perimeter Bridges can contain only GCP projects as members, a single GCP
-            # project may belong to multiple Service Perimeter Bridges.
-          "status": { # `ServicePerimeterConfig` specifies a set of GCP resources that describe # Current ServicePerimeter configuration. Specifies sets of resources,
-              # restricted services and access levels that determine perimeter
-              # content and boundaries.
-              # specific Service Perimeter configuration.
-            "restrictedServices": [ # GCP services that are subject to the Service Perimeter restrictions. For
-                # example, if `storage.googleapis.com` is specified, access to the storage
-                # buckets inside the perimeter must meet the perimeter's access restrictions.
-              "A String",
-            ],
-            "resources": [ # A list of GCP resources that are inside of the service perimeter.
-                # Currently only projects are allowed. Format: `projects/{project_number}`
-              "A String",
-            ],
-            "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
-                # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
-                # must be in the same policy as this `ServicePerimeter`. Referencing a
-                # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
-                # listed, resources within the perimeter can only be accessed via GCP calls
-                # with request origins within the perimeter. Example:
-                # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
-                # For Service Perimeter Bridge, must be empty.
+      { # `ServicePerimeter` describes a set of Google Cloud resources which can freely
+          # import and export data amongst themselves, but not export outside of the
+          # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+          # has a target outside of the `ServicePerimeter`, the request will be blocked.
+          # Otherwise the request is allowed. There are two types of Service Perimeter -
+          # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+          # Google Cloud project can only belong to a single regular Service Perimeter.
+          # Service Perimeter Bridges can contain only Google Cloud projects as members,
+          # a single Google Cloud project may belong to multiple Service Perimeter
+          # Bridges.
+        "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+            # restricted services and access levels that determine perimeter
+            # content and boundaries.
+            # describe specific Service Perimeter configuration.
+          "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+              # restrictions. For example, if `storage.googleapis.com` is specified, access
+              # to the storage buckets inside the perimeter must meet the perimeter's
+              # access restrictions.
+            "A String",
+          ],
+          "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+              # Perimeter.
+            "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+                # APIs specified in 'allowed_services'.
+            "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+                # unless 'enable_restriction' is True.
               "A String",
             ],
           },
-          "updateTime": "A String", # Output only. Time the `ServicePerimeter` was updated in UTC.
-          "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
-              # component must begin with a letter and only include alphanumeric and '_'.
-              # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
-          "title": "A String", # Human readable title. Must be unique within the Policy.
-          "perimeterType": "A String", # Perimeter type indicator. A single project is
-              # allowed to be a member of single regular perimeter, but multiple service
-              # perimeter bridges. A project cannot be a included in a perimeter bridge
-              # without being included in regular perimeter. For perimeter bridges,
-              # the restricted service list as well as access level lists must be
-              # empty.
-          "createTime": "A String", # Output only. Time the `ServicePerimeter` was created in UTC.
-          "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
-              # behavior.
+          "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+              # Currently only projects are allowed. Format: `projects/{project_number}`
+            "A String",
+          ],
+          "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+              # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+              # must be in the same policy as this `ServicePerimeter`. Referencing a
+              # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+              # listed, resources within the perimeter can only be accessed via Google
+              # Cloud calls with request origins within the perimeter. Example:
+              # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+              # For Service Perimeter Bridge, must be empty.
+            "A String",
+          ],
         },
+        "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+            # behavior.
+        "title": "A String", # Human readable title. Must be unique within the Policy.
+        "perimeterType": "A String", # Perimeter type indicator. A single project is
+            # allowed to be a member of single regular perimeter, but multiple service
+            # perimeter bridges. A project cannot be a included in a perimeter bridge
+            # without being included in regular perimeter. For perimeter bridges,
+            # the restricted service list as well as access level lists must be
+            # empty.
+        "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
+            # exists  for all Service Perimeters, and that spec is identical to the
+            # status for those Service Perimeters. When this flag is set, it inhibits the
+            # generation of the implicit spec, thereby allowing the user to explicitly
+            # provide a configuration ("spec") to use in a dry-run version of the Service
+            # Perimeter. This allows the user to test changes to the enforced config
+            # ("status") without actually enforcing them. This testing is done through
+            # analyzing the differences between currently enforced and suggested
+            # restrictions. use_explicit_dry_run_spec must bet set to True if any of the
+            # fields in the spec are set to non-default values.
+        "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration
+            # allows to specify and test ServicePerimeter configuration without enforcing
+            # actual access restrictions. Only allowed to be set when the
+            # "use_explicit_dry_run_spec" flag is set.
+            # describe specific Service Perimeter configuration.
+          "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+              # restrictions. For example, if `storage.googleapis.com` is specified, access
+              # to the storage buckets inside the perimeter must meet the perimeter's
+              # access restrictions.
+            "A String",
+          ],
+          "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+              # Perimeter.
+            "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+                # APIs specified in 'allowed_services'.
+            "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+                # unless 'enable_restriction' is True.
+              "A String",
+            ],
+          },
+          "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+              # Currently only projects are allowed. Format: `projects/{project_number}`
+            "A String",
+          ],
+          "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+              # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+              # must be in the same policy as this `ServicePerimeter`. Referencing a
+              # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+              # listed, resources within the perimeter can only be accessed via Google
+              # Cloud calls with request origins within the perimeter. Example:
+              # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+              # For Service Perimeter Bridge, must be empty.
+            "A String",
+          ],
+        },
+        "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
+            # component must begin with a letter and only include alphanumeric and '_'.
+            # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+      },
     ],
   }</pre>
 </div>
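Review bot: in the added `"status"` and `"spec"` entries the type description and the field description are interleaved, so the comment reads "specifies a set of Google Cloud resources that # Current ServicePerimeter configuration..." and its tail, "describe specific Service Perimeter configuration.", lands several lines later. These are the two lines a reader uses to tell the enforced config (`status`) from the dry-run one (`spec`), so the generator should emit each description contiguously. In the same block, the `useExplicitDryRunSpec` text says "must bet set to True" (should be "must be set") and `perimeterType` still carries "cannot be a included". The regenerated object also no longer lists the output-only `createTime` and `updateTime` fields; confirm that matches the discovery document and is not a generator omission.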
@@ -437,8 +692,8 @@
 </div>
 
 <div class="method">
-    <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
-  <pre>Update an Service Perimeter. The
+    <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+  <pre>Update a Service Perimeter. The
 longrunning operation from this RPC will have a successful status once the
 changes to the Service Perimeter have
 propagated to long-lasting storage. Service Perimeter containing
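Review bot: the new signature `patch(name, body=None, updateMask=None, x__xgafv=None)` gives `body` a default of None, which reads as if an update can be issued without a ServicePerimeter payload, while the description right below still says the call updates a Service Perimeter. If the default comes from the generator template, the method text should state whether a body is expected in practice, so callers do not assume a bodiless patch is meaningful.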
@@ -448,57 +703,111 @@
   name: string, Required. Resource name for the ServicePerimeter.  The `short_name`
 component must begin with a letter and only include alphanumeric and '_'.
 Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` (required)
-  body: object, The request body. (required)
+  body: object, The request body.
     The object takes the form of:
 
-{ # `ServicePerimeter` describes a set of GCP resources which can freely import
-      # and export data amongst themselves, but not export outside of the
-      # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
-      # has a target outside of the `ServicePerimeter`, the request will be blocked.
-      # Otherwise the request is allowed. There are two types of Service Perimeter -
-      # Regular and Bridge. Regular Service Perimeters cannot overlap, a single GCP
-      # project can only belong to a single regular Service Perimeter. Service
-      # Perimeter Bridges can contain only GCP projects as members, a single GCP
-      # project may belong to multiple Service Perimeter Bridges.
-    "status": { # `ServicePerimeterConfig` specifies a set of GCP resources that describe # Current ServicePerimeter configuration. Specifies sets of resources,
-        # restricted services and access levels that determine perimeter
-        # content and boundaries.
-        # specific Service Perimeter configuration.
-      "restrictedServices": [ # GCP services that are subject to the Service Perimeter restrictions. For
-          # example, if `storage.googleapis.com` is specified, access to the storage
-          # buckets inside the perimeter must meet the perimeter's access restrictions.
-        "A String",
-      ],
-      "resources": [ # A list of GCP resources that are inside of the service perimeter.
-          # Currently only projects are allowed. Format: `projects/{project_number}`
-        "A String",
-      ],
-      "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
-          # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
-          # must be in the same policy as this `ServicePerimeter`. Referencing a
-          # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
-          # listed, resources within the perimeter can only be accessed via GCP calls
-          # with request origins within the perimeter. Example:
-          # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
-          # For Service Perimeter Bridge, must be empty.
+{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
+    # import and export data amongst themselves, but not export outside of the
+    # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+    # has a target outside of the `ServicePerimeter`, the request will be blocked.
+    # Otherwise the request is allowed. There are two types of Service Perimeter -
+    # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+    # Google Cloud project can only belong to a single regular Service Perimeter.
+    # Service Perimeter Bridges can contain only Google Cloud projects as members,
+    # a single Google Cloud project may belong to multiple Service Perimeter
+    # Bridges.
+  "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+      # restricted services and access levels that determine perimeter
+      # content and boundaries.
+      # describe specific Service Perimeter configuration.
+    "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+        # restrictions. For example, if `storage.googleapis.com` is specified, access
+        # to the storage buckets inside the perimeter must meet the perimeter's
+        # access restrictions.
+      "A String",
+    ],
+    "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+        # Perimeter.
+      "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+          # APIs specified in 'allowed_services'.
+      "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+          # unless 'enable_restriction' is True.
         "A String",
       ],
     },
-    "updateTime": "A String", # Output only. Time the `ServicePerimeter` was updated in UTC.
-    "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
-        # component must begin with a letter and only include alphanumeric and '_'.
-        # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
-    "title": "A String", # Human readable title. Must be unique within the Policy.
-    "perimeterType": "A String", # Perimeter type indicator. A single project is
-        # allowed to be a member of single regular perimeter, but multiple service
-        # perimeter bridges. A project cannot be a included in a perimeter bridge
-        # without being included in regular perimeter. For perimeter bridges,
-        # the restricted service list as well as access level lists must be
-        # empty.
-    "createTime": "A String", # Output only. Time the `ServicePerimeter` was created in UTC.
-    "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
-        # behavior.
-  }
+    "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+        # Currently only projects are allowed. Format: `projects/{project_number}`
+      "A String",
+    ],
+    "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+        # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+        # must be in the same policy as this `ServicePerimeter`. Referencing a
+        # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+        # listed, resources within the perimeter can only be accessed via Google
+        # Cloud calls with request origins within the perimeter. Example:
+        # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+        # For Service Perimeter Bridge, must be empty.
+      "A String",
+    ],
+  },
+  "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+      # behavior.
+  "title": "A String", # Human readable title. Must be unique within the Policy.
+  "perimeterType": "A String", # Perimeter type indicator. A single project is
+      # allowed to be a member of single regular perimeter, but multiple service
+      # perimeter bridges. A project cannot be a included in a perimeter bridge
+      # without being included in regular perimeter. For perimeter bridges,
+      # the restricted service list as well as access level lists must be
+      # empty.
+  "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
+      # exists  for all Service Perimeters, and that spec is identical to the
+      # status for those Service Perimeters. When this flag is set, it inhibits the
+      # generation of the implicit spec, thereby allowing the user to explicitly
+      # provide a configuration ("spec") to use in a dry-run version of the Service
+      # Perimeter. This allows the user to test changes to the enforced config
+      # ("status") without actually enforcing them. This testing is done through
+      # analyzing the differences between currently enforced and suggested
+      # restrictions. use_explicit_dry_run_spec must bet set to True if any of the
+      # fields in the spec are set to non-default values.
+  "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration
+      # allows to specify and test ServicePerimeter configuration without enforcing
+      # actual access restrictions. Only allowed to be set when the
+      # "use_explicit_dry_run_spec" flag is set.
+      # describe specific Service Perimeter configuration.
+    "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+        # restrictions. For example, if `storage.googleapis.com` is specified, access
+        # to the storage buckets inside the perimeter must meet the perimeter's
+        # access restrictions.
+      "A String",
+    ],
+    "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+        # Perimeter.
+      "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+          # APIs specified in 'allowed_services'.
+      "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+          # unless 'enable_restriction' is True.
+        "A String",
+      ],
+    },
+    "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+        # Currently only projects are allowed. Format: `projects/{project_number}`
+      "A String",
+    ],
+    "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+        # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+        # must be in the same policy as this `ServicePerimeter`. Referencing a
+        # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+        # listed, resources within the perimeter can only be accessed via Google
+        # Cloud calls with request origins within the perimeter. Example:
+        # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+        # For Service Perimeter Bridge, must be empty.
+      "A String",
+    ],
+  },
+  "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
+      # component must begin with a letter and only include alphanumeric and '_'.
+      # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+}
 
   updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
   x__xgafv: string, V1 error format.
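Review bot: `body: object, The request body.` drops the "(required)" marker, while `updateMask` in the trailing context is still "Required... Must be non-empty", so the Args list now suggests a mask with no body is acceptable. State what the server does in that case or keep the marker. The added comments also refer to fields as `use_explicit_dry_run_spec`, `enable_restriction` and `allowed_services`, while the keys shown are `useExplicitDryRunSpec`, `enableRestriction` and `allowedServices`. Since this method takes a field mask, the docs should say which spelling the mask expects, because a mask that misses `spec` or `status` changes which of the dry-run and enforced configs gets updated.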
@@ -554,4 +863,194 @@
   }</pre>
 </div>
 
+<div class="method">
+    <code class="details" id="replaceAll">replaceAll(parent, body=None, x__xgafv=None)</code>
+  <pre>Replace all existing Service Perimeters in an
+Access Policy
+with the Service Perimeters provided.
+This is done atomically. The longrunning operation from this
+RPC will have a successful status once all replacements have propagated to
+long-lasting storage. Replacements containing errors will result in an
+error response for the first error encountered. Replacement will be
+cancelled on error, existing Service Perimeters will not be
+affected. Operation.response field will contain
+ReplaceServicePerimetersResponse.
+
+Args:
+  parent: string, Required. Resource name for the access policy which owns these
+Service Perimeters.
+
+Format: `accessPolicies/{policy_id}` (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # A request to replace all existing Service Perimeters in an Access Policy
+      # with the Service Perimeters provided. This is done atomically.
+    "etag": "A String", # Optional. The etag for the version of the Access Policy that this
+        # replace operation is to be performed on. If, at the time of replace, the
+        # etag for the Access Policy stored in Access Context Manager is different
+        # from the specified etag, then the replace operation will not be performed
+        # and the call will fail. This field is not required. If etag is not
+        # provided, the operation will be performed as if a valid etag is provided.
+    "servicePerimeters": [ # Required. The desired Service Perimeters that should
+        # replace all existing Service Perimeters in the
+        # Access Policy.
+      { # `ServicePerimeter` describes a set of Google Cloud resources which can freely
+          # import and export data amongst themselves, but not export outside of the
+          # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
+          # has a target outside of the `ServicePerimeter`, the request will be blocked.
+          # Otherwise the request is allowed. There are two types of Service Perimeter -
+          # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
+          # Google Cloud project can only belong to a single regular Service Perimeter.
+          # Service Perimeter Bridges can contain only Google Cloud projects as members,
+          # a single Google Cloud project may belong to multiple Service Perimeter
+          # Bridges.
+        "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
+            # restricted services and access levels that determine perimeter
+            # content and boundaries.
+            # describe specific Service Perimeter configuration.
+          "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+              # restrictions. For example, if `storage.googleapis.com` is specified, access
+              # to the storage buckets inside the perimeter must meet the perimeter's
+              # access restrictions.
+            "A String",
+          ],
+          "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+              # Perimeter.
+            "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+                # APIs specified in 'allowed_services'.
+            "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+                # unless 'enable_restriction' is True.
+              "A String",
+            ],
+          },
+          "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+              # Currently only projects are allowed. Format: `projects/{project_number}`
+            "A String",
+          ],
+          "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+              # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+              # must be in the same policy as this `ServicePerimeter`. Referencing a
+              # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+              # listed, resources within the perimeter can only be accessed via Google
+              # Cloud calls with request origins within the perimeter. Example:
+              # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+              # For Service Perimeter Bridge, must be empty.
+            "A String",
+          ],
+        },
+        "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect
+            # behavior.
+        "title": "A String", # Human readable title. Must be unique within the Policy.
+        "perimeterType": "A String", # Perimeter type indicator. A single project is
+            # allowed to be a member of single regular perimeter, but multiple service
+            # perimeter bridges. A project cannot be a included in a perimeter bridge
+            # without being included in regular perimeter. For perimeter bridges,
+            # the restricted service list as well as access level lists must be
+            # empty.
+        "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
+            # exists  for all Service Perimeters, and that spec is identical to the
+            # status for those Service Perimeters. When this flag is set, it inhibits the
+            # generation of the implicit spec, thereby allowing the user to explicitly
+            # provide a configuration ("spec") to use in a dry-run version of the Service
+            # Perimeter. This allows the user to test changes to the enforced config
+            # ("status") without actually enforcing them. This testing is done through
+            # analyzing the differences between currently enforced and suggested
+            # restrictions. use_explicit_dry_run_spec must bet set to True if any of the
+            # fields in the spec are set to non-default values.
+        "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration
+            # allows to specify and test ServicePerimeter configuration without enforcing
+            # actual access restrictions. Only allowed to be set when the
+            # "use_explicit_dry_run_spec" flag is set.
+            # describe specific Service Perimeter configuration.
+          "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter
+              # restrictions. For example, if `storage.googleapis.com` is specified, access
+              # to the storage buckets inside the perimeter must meet the perimeter's
+              # access restrictions.
+            "A String",
+          ],
+          "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
+              # Perimeter.
+            "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of
+                # APIs specified in 'allowed_services'.
+            "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty
+                # unless 'enable_restriction' is True.
+              "A String",
+            ],
+          },
+          "resources": [ # A list of Google Cloud resources that are inside of the service perimeter.
+              # Currently only projects are allowed. Format: `projects/{project_number}`
+            "A String",
+          ],
+          "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the
+              # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
+              # must be in the same policy as this `ServicePerimeter`. Referencing a
+              # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
+              # listed, resources within the perimeter can only be accessed via Google
+              # Cloud calls with request origins within the perimeter. Example:
+              # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
+              # For Service Perimeter Bridge, must be empty.
+            "A String",
+          ],
+        },
+        "name": "A String", # Required. Resource name for the ServicePerimeter.  The `short_name`
+            # component must begin with a letter and only include alphanumeric and '_'.
+            # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+      },
+    ],
+  }
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a
+      # network API call.
+    "metadata": { # Service-specific metadata associated with the operation.  It typically
+        # contains progress information and common metadata such as create time.
+        # Some services might not provide such metadata.  Any method that returns a
+        # long-running operation should document the metadata type, if any.
+      "a_key": "", # Properties of the object. Contains field @type with type URL.
+    },
+    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      "message": "A String", # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+      "details": [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          "a_key": "", # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+    },
+    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+        # If `true`, the operation is completed, and either `error` or `response` is
+        # available.
+    "response": { # The normal response of the operation in case of success.  If the original
+        # method returns no data on success, such as `Delete`, the response is
+        # `google.protobuf.Empty`.  If the original method is standard
+        # `Get`/`Create`/`Update`, the response should be the resource.  For other
+        # methods, the response should have the type `XxxResponse`, where `Xxx`
+        # is the original method name.  For example, if the original method name
+        # is `TakeSnapshot()`, the inferred response type is
+        # `TakeSnapshotResponse`.
+      "a_key": "", # Properties of the object. Contains field @type with type URL.
+    },
+    "name": "A String", # The server-assigned name, which is only unique within the same service that
+        # originally returns it. If you use the default HTTP mapping, the
+        # `name` should be a resource name ending with `operations/{unique_id}`.
+  }</pre>
+</div>
+
 </body></html>
\ No newline at end of file
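Review bot: the `etag` comment in the `replaceAll` request body says "If etag is not provided, the operation will be performed as if a valid etag is provided", which means a call without it has no concurrency check, and this method replaces every Service Perimeter in the policy atomically. The text should say that plainly and recommend passing the etag read with the current policy, so that a stale client cannot silently overwrite perimeter changes made in between. Minor wording in the method description: "Replacement will be cancelled on error, existing Service Perimeters will not be affected" is a comma splice and would read better as two sentences. The file also still ends without a trailing newline.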