chore: regens API reference docs (#889)
diff --git a/docs/dyn/cloudfunctions_v1.projects.locations.functions.html b/docs/dyn/cloudfunctions_v1.projects.locations.functions.html
index 1e9783f..e86439a 100644
--- a/docs/dyn/cloudfunctions_v1.projects.locations.functions.html
+++ b/docs/dyn/cloudfunctions_v1.projects.locations.functions.html
@@ -75,16 +75,16 @@
<h1><a href="cloudfunctions_v1.html">Cloud Functions API</a> . <a href="cloudfunctions_v1.projects.html">projects</a> . <a href="cloudfunctions_v1.projects.locations.html">locations</a> . <a href="cloudfunctions_v1.projects.locations.functions.html">functions</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
- <code><a href="#call">call(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#call">call(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Synchronously invokes a deployed Cloud Function. To be used for testing</p>
<p class="toc_element">
- <code><a href="#create">create(location, body, x__xgafv=None)</a></code></p>
+ <code><a href="#create">create(location, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new function. If a function with the given name already exists in</p>
<p class="toc_element">
<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a function with the given name from the specified project. If the</p>
<p class="toc_element">
- <code><a href="#generateDownloadUrl">generateDownloadUrl(name, body, x__xgafv=None)</a></code></p>
+ <code><a href="#generateDownloadUrl">generateDownloadUrl(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Returns a signed URL for downloading deployed function source code.</p>
<p class="toc_element">
<code><a href="#generateUploadUrl">generateUploadUrl(parent, body=None, x__xgafv=None)</a></code></p>
@@ -93,7 +93,7 @@
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Returns a function with the given name from the requested project.</p>
<p class="toc_element">
- <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
+ <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the IAM access control policy for a function.</p>
<p class="toc_element">
<code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
@@ -102,29 +102,29 @@
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
- <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates existing function.</p>
<p class="toc_element">
- <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
+ <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the IAM access control policy on the specified function.</p>
<p class="toc_element">
- <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
+ <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Tests the specified permissions against the IAM access control policy</p>
<h3>Method Details</h3>
<div class="method">
- <code class="details" id="call">call(name, body, x__xgafv=None)</code>
+ <code class="details" id="call">call(name, body=None, x__xgafv=None)</code>
<pre>Synchronously invokes a deployed Cloud Function. To be used for testing
purposes as very limited traffic is allowed. For more information on
the actual limits, refer to
[Rate Limits](https://cloud.google.com/functions/quotas#rate_limits).
Args:
- name: string, The name of the function to be called. (required)
- body: object, The request body. (required)
+ name: string, Required. The name of the function to be called. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request for the `CallFunction` method.
- "data": "A String", # Input to be passed to the function.
+ "data": "A String", # Required. Input to be passed to the function.
}
x__xgafv: string, V1 error format.
@@ -145,37 +145,30 @@
</div>
<div class="method">
- <code class="details" id="create">create(location, body, x__xgafv=None)</code>
+ <code class="details" id="create">create(location, body=None, x__xgafv=None)</code>
<pre>Creates a new function. If a function with the given name already exists in
the specified project, the long running operation will return
`ALREADY_EXISTS` error.
Args:
- location: string, The project and location in which the function should be created, specified
+ location: string, Required. The project and location in which the function should be created, specified
in the format `projects/*/locations/*` (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Describes a Cloud Function that contains user computation executed in
# response to an event. It encapsulate function and triggers configurations.
- # LINT.IfChange
- "status": "A String", # Output only. Status of the function deployment.
"eventTrigger": { # Describes EventTrigger, used to request events be sent from another # A source that fires events in response to a condition in another service.
# service.
- "eventType": "A String", # Required. The type of event to observe. For example:
- # `providers/cloud.storage/eventTypes/object.change` and
- # `providers/cloud.pubsub/eventTypes/topic.publish`.
- #
- # Event types match pattern `providers/*/eventTypes/*.*`.
- # The pattern contains:
- #
- # 1. namespace: For example, `cloud.storage` and
- # `google.firebase.analytics`.
- # 2. resource type: The type of resource on which event occurs. For
- # example, the Google Cloud Storage API includes the type `object`.
- # 3. action: The action that generates the event. For example, action for
- # a Google Cloud Storage Object is 'change'.
- # These parts are lower case.
+ "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
+ # If empty, then defaults to ignoring failures (i.e. not retrying them).
+ "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
+ # A function execution will be retried on any failure.
+ # A failed execution will be retried up to 7 days with an exponential backoff
+ # (capped at 10 seconds).
+ # Retried execution is charged as any other execution.
+ },
+ },
"resource": "A String", # Required. The resource(s) from which to observe events, for example,
# `projects/_/buckets/myBucket`.
#
@@ -200,20 +193,22 @@
# If no string is provided, the default service implementing the API will
# be used. For example, `storage.googleapis.com` is the default for all
# event types in the `google.storage` namespace.
- "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
- # If empty, then defaults to ignoring failures (i.e. not retrying them).
- "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
- # A function execution will be retried on any failure.
- # A failed execution will be retried up to 7 days with an exponential backoff
- # (capped at 10 seconds).
- # Retried execution is charged as any other execution.
- },
- },
+ "eventType": "A String", # Required. The type of event to observe. For example:
+ # `providers/cloud.storage/eventTypes/object.change` and
+ # `providers/cloud.pubsub/eventTypes/topic.publish`.
+ #
+ # Event types match pattern `providers/*/eventTypes/*.*`.
+ # The pattern contains:
+ #
+ # 1. namespace: For example, `cloud.storage` and
+ # `google.firebase.analytics`.
+ # 2. resource type: The type of resource on which event occurs. For
+ # example, the Google Cloud Storage API includes the type `object`.
+ # 3. action: The action that generates the event. For example, action for
+ # a Google Cloud Storage Object is 'change'.
+ # These parts are lower case.
},
"updateTime": "A String", # Output only. The last update timestamp of a Cloud Function.
- "description": "A String", # User-provided description of a function.
- "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
- # given time.
"sourceRepository": { # Describes SourceRepository, used to represent parameters related to # **Beta Feature**
#
# The source repository where a function is hosted.
@@ -235,8 +230,6 @@
# were defined at the time of deployment. It always points to a specific
# commit in the format described above.
},
- "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
- # by google.cloud.functions.v1.GenerateUploadUrl
"httpsTrigger": { # Describes HttpsTrigger, could be used to connect web hooks to function. # An HTTPS endpoint type of source that can be triggered via URL.
"url": "A String", # Output only. The deployed url for the function.
},
@@ -245,44 +238,8 @@
"labels": { # Labels associated with this Cloud Function.
"a_key": "A String",
},
- "environmentVariables": { # Environment variables that shall be available during function execution.
- "a_key": "A String",
- },
- "availableMemoryMb": 42, # The amount of memory in MB available for a function.
- # Defaults to 256MB.
- "versionId": "A String", # Output only.
- # The version identifier of the Cloud Function. Each deployment attempt
- # results in a new version of a function being created.
- "entryPoint": "A String", # The name of the function (as defined in source code) that will be
- # executed. Defaults to the resource name suffix, if not specified. For
- # backward compatibility, if function with given name is not found, then the
- # system will try to use function named "function".
- # For Node.js this is name of a function exported by the module specified
- # in `source_location`.
- "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
- # {project_id}@appspot.gserviceaccount.com.
- "timeout": "A String", # The function execution timeout. Execution is considered failed and
- # can be terminated if the function is not completed at the end of the
- # timeout period. Defaults to 60 seconds.
- "runtime": "A String", # Required. The runtime in which the function is going to run. Choices:
- #
- # * `nodejs6`: Node.js 6
- # * `nodejs8`: Node.js 8
- # * `nodejs10`: Node.js 10
- # * `python37`: Python 3.7
- # * `go111`: Go 1.11
- "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
- # be either the fully-qualified URI, or the short name of the network
- # connector resource. The format of this field is
- # `projects/*/locations/*/connectors/*`
- #
- # This field is mutually exclusive with `network` field and will eventually
- # replace it.
- #
- # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
- # more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "vpcConnectorEgressSettings": "A String", # The egress settings for the connector, controlling what traffic is diverted
+ # through it.
"network": "A String", # The VPC Network that this cloud function can connect to. It can be
# either the fully-qualified URI, or the short name of the network resource.
# If the short network name is used, the network must belong to the same
@@ -297,10 +254,49 @@
#
# See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
# more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
+ # by google.cloud.functions.v1.GenerateUploadUrl
+ "status": "A String", # Output only. Status of the function deployment.
+ "description": "A String", # User-provided description of a function.
+ "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
+ # given time.
+ "versionId": "A String", # Output only. The version identifier of the Cloud Function. Each deployment attempt
+ # results in a new version of a function being created.
+ "entryPoint": "A String", # The name of the function (as defined in source code) that will be
+ # executed. Defaults to the resource name suffix, if not specified. For
+ # backward compatibility, if function with given name is not found, then the
+ # system will try to use function named "function".
+ # For Node.js this is name of a function exported by the module specified
+ # in `source_location`.
"name": "A String", # A user-defined name of the function. Function names must be unique
# globally and match pattern `projects/*/locations/*/functions/*`
+ "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
+ # be either the fully-qualified URI, or the short name of the network
+ # connector resource. The format of this field is
+ # `projects/*/locations/*/connectors/*`
+ #
+ # This field is mutually exclusive with `network` field and will eventually
+ # replace it.
+ #
+ # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
+ # more information on connecting Cloud projects.
+ "environmentVariables": { # Environment variables that shall be available during function execution.
+ "a_key": "A String",
+ },
+ "availableMemoryMb": 42, # The amount of memory in MB available for a function.
+ # Defaults to 256MB.
+ "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
+ # `{project_id}@appspot.gserviceaccount.com`.
+ "timeout": "A String", # The function execution timeout. Execution is considered failed and
+ # can be terminated if the function is not completed at the end of the
+ # timeout period. Defaults to 60 seconds.
+ "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach
+ # it.
+ "runtime": "A String", # The runtime in which to run the function. Required when deploying a new
+ # function, optional when updating an existing function. For a complete
+ # list of possible choices, see the
+ # [`gcloud` command
+ # reference](/sdk/gcloud/reference/functions/deploy#--runtime).
}
x__xgafv: string, V1 error format.
@@ -321,56 +317,11 @@
},
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). The error model is designed to be:
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
#
- # - Simple to use and understand for most users
- # - Flexible enough to meet unexpected needs
- #
- # # Overview
- #
- # The `Status` message contains three pieces of data: error code, error
- # message, and error details. The error code should be an enum value of
- # google.rpc.Code, but it may accept additional error codes if needed. The
- # error message should be a developer-facing English message that helps
- # developers *understand* and *resolve* the error. If a localized user-facing
- # error message is needed, put the localized message in the error details or
- # localize it in the client. The optional error details may contain arbitrary
- # information about the error. There is a predefined set of error detail types
- # in the package `google.rpc` that can be used for common error conditions.
- #
- # # Language mapping
- #
- # The `Status` message is the logical representation of the error model, but it
- # is not necessarily the actual wire format. When the `Status` message is
- # exposed in different client libraries and different wire protocols, it can be
- # mapped differently. For example, it will likely be mapped to some exceptions
- # in Java, but more likely mapped to some error codes in C.
- #
- # # Other uses
- #
- # The error model and the `Status` message can be used in a variety of
- # environments, either with or without APIs, to provide a
- # consistent developer experience across different environments.
- #
- # Example uses of this error model include:
- #
- # - Partial errors. If a service needs to return partial errors to the client,
- # it may embed the `Status` in the normal response to indicate the partial
- # errors.
- #
- # - Workflow errors. A typical workflow has multiple steps. Each step may
- # have a `Status` message for error reporting.
- #
- # - Batch operations. If a client uses batch request and batch response, the
- # `Status` message should be used directly inside batch response, one for
- # each error sub-response.
- #
- # - Asynchronous operations. If an API call embeds asynchronous operation
- # results in its response, the status of those operations should be
- # represented directly using the `Status` message.
- #
- # - Logging. If some API errors are stored in logs, the message `Status` could
- # be used directly after any stripping needed for security/privacy reasons.
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
"message": "A String", # A developer-facing error message, which should be in English. Any
# user-facing error message should be localized and sent in the
# google.rpc.Status.details field, or localized by the client.
@@ -408,7 +359,7 @@
remove this function.
Args:
- name: string, The name of the function which should be deleted. (required)
+ name: string, Required. The name of the function which should be deleted. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -427,56 +378,11 @@
},
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). The error model is designed to be:
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
#
- # - Simple to use and understand for most users
- # - Flexible enough to meet unexpected needs
- #
- # # Overview
- #
- # The `Status` message contains three pieces of data: error code, error
- # message, and error details. The error code should be an enum value of
- # google.rpc.Code, but it may accept additional error codes if needed. The
- # error message should be a developer-facing English message that helps
- # developers *understand* and *resolve* the error. If a localized user-facing
- # error message is needed, put the localized message in the error details or
- # localize it in the client. The optional error details may contain arbitrary
- # information about the error. There is a predefined set of error detail types
- # in the package `google.rpc` that can be used for common error conditions.
- #
- # # Language mapping
- #
- # The `Status` message is the logical representation of the error model, but it
- # is not necessarily the actual wire format. When the `Status` message is
- # exposed in different client libraries and different wire protocols, it can be
- # mapped differently. For example, it will likely be mapped to some exceptions
- # in Java, but more likely mapped to some error codes in C.
- #
- # # Other uses
- #
- # The error model and the `Status` message can be used in a variety of
- # environments, either with or without APIs, to provide a
- # consistent developer experience across different environments.
- #
- # Example uses of this error model include:
- #
- # - Partial errors. If a service needs to return partial errors to the client,
- # it may embed the `Status` in the normal response to indicate the partial
- # errors.
- #
- # - Workflow errors. A typical workflow has multiple steps. Each step may
- # have a `Status` message for error reporting.
- #
- # - Batch operations. If a client uses batch request and batch response, the
- # `Status` message should be used directly inside batch response, one for
- # each error sub-response.
- #
- # - Asynchronous operations. If an API call embeds asynchronous operation
- # results in its response, the status of those operations should be
- # represented directly using the `Status` message.
- #
- # - Logging. If some API errors are stored in logs, the message `Status` could
- # be used directly after any stripping needed for security/privacy reasons.
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
"message": "A String", # A developer-facing error message, which should be in English. Any
# user-facing error message should be localized and sent in the
# google.rpc.Status.details field, or localized by the client.
@@ -508,7 +414,7 @@
</div>
<div class="method">
- <code class="details" id="generateDownloadUrl">generateDownloadUrl(name, body, x__xgafv=None)</code>
+ <code class="details" id="generateDownloadUrl">generateDownloadUrl(name, body=None, x__xgafv=None)</code>
<pre>Returns a signed URL for downloading deployed function source code.
The URL is only valid for a limited period and should be used within
minutes after generation.
@@ -518,7 +424,7 @@
Args:
name: string, The name of function for which source code Google Cloud Storage signed
URL should be generated. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request of `GenerateDownloadUrl` method.
@@ -597,7 +503,7 @@
<pre>Returns a function with the given name from the requested project.
Args:
- name: string, The name of the function which details should be obtained. (required)
+ name: string, Required. The name of the function which details should be obtained. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -608,24 +514,17 @@
{ # Describes a Cloud Function that contains user computation executed in
# response to an event. It encapsulate function and triggers configurations.
- # LINT.IfChange
- "status": "A String", # Output only. Status of the function deployment.
"eventTrigger": { # Describes EventTrigger, used to request events be sent from another # A source that fires events in response to a condition in another service.
# service.
- "eventType": "A String", # Required. The type of event to observe. For example:
- # `providers/cloud.storage/eventTypes/object.change` and
- # `providers/cloud.pubsub/eventTypes/topic.publish`.
- #
- # Event types match pattern `providers/*/eventTypes/*.*`.
- # The pattern contains:
- #
- # 1. namespace: For example, `cloud.storage` and
- # `google.firebase.analytics`.
- # 2. resource type: The type of resource on which event occurs. For
- # example, the Google Cloud Storage API includes the type `object`.
- # 3. action: The action that generates the event. For example, action for
- # a Google Cloud Storage Object is 'change'.
- # These parts are lower case.
+ "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
+ # If empty, then defaults to ignoring failures (i.e. not retrying them).
+ "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
+ # A function execution will be retried on any failure.
+ # A failed execution will be retried up to 7 days with an exponential backoff
+ # (capped at 10 seconds).
+ # Retried execution is charged as any other execution.
+ },
+ },
"resource": "A String", # Required. The resource(s) from which to observe events, for example,
# `projects/_/buckets/myBucket`.
#
@@ -650,20 +549,22 @@
# If no string is provided, the default service implementing the API will
# be used. For example, `storage.googleapis.com` is the default for all
# event types in the `google.storage` namespace.
- "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
- # If empty, then defaults to ignoring failures (i.e. not retrying them).
- "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
- # A function execution will be retried on any failure.
- # A failed execution will be retried up to 7 days with an exponential backoff
- # (capped at 10 seconds).
- # Retried execution is charged as any other execution.
- },
- },
+ "eventType": "A String", # Required. The type of event to observe. For example:
+ # `providers/cloud.storage/eventTypes/object.change` and
+ # `providers/cloud.pubsub/eventTypes/topic.publish`.
+ #
+ # Event types match pattern `providers/*/eventTypes/*.*`.
+ # The pattern contains:
+ #
+ # 1. namespace: For example, `cloud.storage` and
+ # `google.firebase.analytics`.
+ # 2. resource type: The type of resource on which event occurs. For
+ # example, the Google Cloud Storage API includes the type `object`.
+ # 3. action: The action that generates the event. For example, action for
+ # a Google Cloud Storage Object is 'change'.
+ # These parts are lower case.
},
"updateTime": "A String", # Output only. The last update timestamp of a Cloud Function.
- "description": "A String", # User-provided description of a function.
- "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
- # given time.
"sourceRepository": { # Describes SourceRepository, used to represent parameters related to # **Beta Feature**
#
# The source repository where a function is hosted.
@@ -685,8 +586,6 @@
# were defined at the time of deployment. It always points to a specific
# commit in the format described above.
},
- "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
- # by google.cloud.functions.v1.GenerateUploadUrl
"httpsTrigger": { # Describes HttpsTrigger, could be used to connect web hooks to function. # An HTTPS endpoint type of source that can be triggered via URL.
"url": "A String", # Output only. The deployed url for the function.
},
@@ -695,44 +594,8 @@
"labels": { # Labels associated with this Cloud Function.
"a_key": "A String",
},
- "environmentVariables": { # Environment variables that shall be available during function execution.
- "a_key": "A String",
- },
- "availableMemoryMb": 42, # The amount of memory in MB available for a function.
- # Defaults to 256MB.
- "versionId": "A String", # Output only.
- # The version identifier of the Cloud Function. Each deployment attempt
- # results in a new version of a function being created.
- "entryPoint": "A String", # The name of the function (as defined in source code) that will be
- # executed. Defaults to the resource name suffix, if not specified. For
- # backward compatibility, if function with given name is not found, then the
- # system will try to use function named "function".
- # For Node.js this is name of a function exported by the module specified
- # in `source_location`.
- "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
- # {project_id}@appspot.gserviceaccount.com.
- "timeout": "A String", # The function execution timeout. Execution is considered failed and
- # can be terminated if the function is not completed at the end of the
- # timeout period. Defaults to 60 seconds.
- "runtime": "A String", # Required. The runtime in which the function is going to run. Choices:
- #
- # * `nodejs6`: Node.js 6
- # * `nodejs8`: Node.js 8
- # * `nodejs10`: Node.js 10
- # * `python37`: Python 3.7
- # * `go111`: Go 1.11
- "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
- # be either the fully-qualified URI, or the short name of the network
- # connector resource. The format of this field is
- # `projects/*/locations/*/connectors/*`
- #
- # This field is mutually exclusive with `network` field and will eventually
- # replace it.
- #
- # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
- # more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "vpcConnectorEgressSettings": "A String", # The egress settings for the connector, controlling what traffic is diverted
+ # through it.
"network": "A String", # The VPC Network that this cloud function can connect to. It can be
# either the fully-qualified URI, or the short name of the network resource.
# If the short network name is used, the network must belong to the same
@@ -747,15 +610,54 @@
#
# See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
# more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
+ # by google.cloud.functions.v1.GenerateUploadUrl
+ "status": "A String", # Output only. Status of the function deployment.
+ "description": "A String", # User-provided description of a function.
+ "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
+ # given time.
+ "versionId": "A String", # Output only. The version identifier of the Cloud Function. Each deployment attempt
+ # results in a new version of a function being created.
+ "entryPoint": "A String", # The name of the function (as defined in source code) that will be
+ # executed. Defaults to the resource name suffix, if not specified. For
+ # backward compatibility, if function with given name is not found, then the
+ # system will try to use function named "function".
+ # For Node.js this is name of a function exported by the module specified
+ # in `source_location`.
"name": "A String", # A user-defined name of the function. Function names must be unique
# globally and match pattern `projects/*/locations/*/functions/*`
+ "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
+ # be either the fully-qualified URI, or the short name of the network
+ # connector resource. The format of this field is
+ # `projects/*/locations/*/connectors/*`
+ #
+ # This field is mutually exclusive with `network` field and will eventually
+ # replace it.
+ #
+ # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
+ # more information on connecting Cloud projects.
+ "environmentVariables": { # Environment variables that shall be available during function execution.
+ "a_key": "A String",
+ },
+ "availableMemoryMb": 42, # The amount of memory in MB available for a function.
+ # Defaults to 256MB.
+ "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
+ # `{project_id}@appspot.gserviceaccount.com`.
+ "timeout": "A String", # The function execution timeout. Execution is considered failed and
+ # can be terminated if the function is not completed at the end of the
+ # timeout period. Defaults to 60 seconds.
+ "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach
+ # it.
+ "runtime": "A String", # The runtime in which to run the function. Required when deploying a new
+ # function, optional when updating an existing function. For a complete
+ # list of possible choices, see the
+ # [`gcloud` command
+ # reference](/sdk/gcloud/reference/functions/deploy#--runtime).
}</pre>
</div>
<div class="method">
- <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
+ <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>
<pre>Gets the IAM access control policy for a function.
Returns an empty policy if the function exists and does not have a policy
set.
@@ -763,6 +665,14 @@
Args:
resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
+ options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.
+
+Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+rejected.
+
+Requests for policies with any conditional bindings must specify version 3.
+Policies without any conditional bindings may specify any valid value or
+leave the field unset.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -771,51 +681,166 @@
Returns:
An object of the form:
- { # Defines an Identity and Access Management (IAM) policy. It is used to
- # specify access control policies for Cloud Platform resources.
+ { # An Identity and Access Management (IAM) policy, which specifies access
+ # controls for Google Cloud resources.
#
#
- # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
- # `members` to a `role`, where the members can be user accounts, Google groups,
- # Google domains, and service accounts. A `role` is a named list of permissions
- # defined by IAM.
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+ # `members` to a single `role`. Members can be user accounts, service accounts,
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
+ # permissions; each `role` can be an IAM predefined role or a user-created
+ # custom role.
#
- # **JSON Example**
+ # Optionally, a `binding` can specify a `condition`, which is a logical
+ # expression that allows access to a resource only if the expression evaluates
+ # to `true`. A condition can add constraints based on attributes of the
+ # request, the resource, or both.
+ #
+ # **JSON example:**
#
# {
# "bindings": [
# {
- # "role": "roles/owner",
+ # "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/viewer",
- # "members": ["user:sean@example.com"]
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": ["user:eve@example.com"],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # }
# }
- # ]
+ # ],
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
- # **YAML Example**
+ # **YAML example:**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
- # - serviceAccount:my-other-app@appspot.gserviceaccount.com
- # role: roles/owner
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
+ # role: roles/resourcemanager.organizationAdmin
# - members:
- # - user:sean@example.com
- # role: roles/viewer
- #
+ # - user:eve@example.com
+ # role: roles/resourcemanager.organizationViewer
+ # condition:
+ # title: expirable access
+ # description: Does not grant access after Sep 2020
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # - etag: BwWWja0YfJA=
+ # - version: 3
#
# For a description of IAM and its features, see the
- # [IAM developer's guide](https://cloud.google.com/iam/docs).
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ # `condition` that determines how and when the `bindings` are applied. Each
+ # of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@example.com` .
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
+ #
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ # NOTE: An unsatisfied condition will not allow user access via current
+ # binding. Different bindings, including their conditions, are examined
+ # independently.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ },
+ },
+ ],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
@@ -837,7 +862,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -849,7 +874,7 @@
# ]
# },
# {
- # "service": "fooservice.googleapis.com"
+ # "service": "sampleservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
@@ -857,7 +882,7 @@
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
- # "user:bar@gmail.com"
+ # "user:aliya@example.com"
# ]
# }
# ]
@@ -865,9 +890,9 @@
# ]
# }
#
- # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts foo@gmail.com from DATA_READ logging, and
- # bar@gmail.com from DATA_WRITE logging.
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
@@ -877,7 +902,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -887,7 +912,7 @@
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # foo@gmail.com from DATA_READ logging.
+ # jose@example.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
@@ -901,60 +926,6 @@
# `allServices` is a special value that covers all services.
},
],
- "version": 42, # Deprecated.
- "bindings": [ # Associates a list of `members` to a `role`.
- # `bindings` with no members will result in an error.
- { # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` .
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- #
- # * `domain:{domain}`: The G Suite domain (primary) that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
- #
- # title: "User account presence"
- # description: "Determines whether the request has a user account"
- # expression: "size(request.user) > 0"
- "description": "A String", # An optional description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in
- # Common Expression Language syntax.
- #
- # The application context of the containing message determines which
- # well-known feature set of CEL is supported.
- "location": "A String", # An optional string indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "title": "A String", # An optional title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- },
- },
- ],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
@@ -963,8 +934,31 @@
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
- # policy is overwritten blindly.
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
}</pre>
</div>
@@ -976,7 +970,9 @@
parent: string, The project and location from which the function should be listed,
specified in the format `projects/*/locations/*`
If you want to list functions in all locations, use "-" in place of a
-location. (required)
+location. When listing functions in all locations, if one or more
+location(s) are unreachable, the response will contain functions from all
+reachable locations along with the names of any unreachable locations. (required)
pageSize: integer, Maximum number of functions to return per call.
pageToken: string, The value returned by the last
`ListFunctionsResponse`; indicates that
@@ -995,27 +991,24 @@
# the request; this value should be passed in a new
# google.cloud.functions.v1.ListFunctionsRequest
# to get more functions.
+ "unreachable": [ # Locations that could not be reached. The response does not include any
+ # functions from these locations.
+ "A String",
+ ],
"functions": [ # The functions that match the request.
{ # Describes a Cloud Function that contains user computation executed in
# response to an event. It encapsulate function and triggers configurations.
- # LINT.IfChange
- "status": "A String", # Output only. Status of the function deployment.
"eventTrigger": { # Describes EventTrigger, used to request events be sent from another # A source that fires events in response to a condition in another service.
# service.
- "eventType": "A String", # Required. The type of event to observe. For example:
- # `providers/cloud.storage/eventTypes/object.change` and
- # `providers/cloud.pubsub/eventTypes/topic.publish`.
- #
- # Event types match pattern `providers/*/eventTypes/*.*`.
- # The pattern contains:
- #
- # 1. namespace: For example, `cloud.storage` and
- # `google.firebase.analytics`.
- # 2. resource type: The type of resource on which event occurs. For
- # example, the Google Cloud Storage API includes the type `object`.
- # 3. action: The action that generates the event. For example, action for
- # a Google Cloud Storage Object is 'change'.
- # These parts are lower case.
+ "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
+ # If empty, then defaults to ignoring failures (i.e. not retrying them).
+ "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
+ # A function execution will be retried on any failure.
+ # A failed execution will be retried up to 7 days with an exponential backoff
+ # (capped at 10 seconds).
+ # Retried execution is charged as any other execution.
+ },
+ },
"resource": "A String", # Required. The resource(s) from which to observe events, for example,
# `projects/_/buckets/myBucket`.
#
@@ -1040,20 +1033,22 @@
# If no string is provided, the default service implementing the API will
# be used. For example, `storage.googleapis.com` is the default for all
# event types in the `google.storage` namespace.
- "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
- # If empty, then defaults to ignoring failures (i.e. not retrying them).
- "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
- # A function execution will be retried on any failure.
- # A failed execution will be retried up to 7 days with an exponential backoff
- # (capped at 10 seconds).
- # Retried execution is charged as any other execution.
- },
- },
+ "eventType": "A String", # Required. The type of event to observe. For example:
+ # `providers/cloud.storage/eventTypes/object.change` and
+ # `providers/cloud.pubsub/eventTypes/topic.publish`.
+ #
+ # Event types match pattern `providers/*/eventTypes/*.*`.
+ # The pattern contains:
+ #
+ # 1. namespace: For example, `cloud.storage` and
+ # `google.firebase.analytics`.
+ # 2. resource type: The type of resource on which event occurs. For
+ # example, the Google Cloud Storage API includes the type `object`.
+ # 3. action: The action that generates the event. For example, action for
+ # a Google Cloud Storage Object is 'change'.
+ # These parts are lower case.
},
"updateTime": "A String", # Output only. The last update timestamp of a Cloud Function.
- "description": "A String", # User-provided description of a function.
- "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
- # given time.
"sourceRepository": { # Describes SourceRepository, used to represent parameters related to # **Beta Feature**
#
# The source repository where a function is hosted.
@@ -1075,8 +1070,6 @@
# were defined at the time of deployment. It always points to a specific
# commit in the format described above.
},
- "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
- # by google.cloud.functions.v1.GenerateUploadUrl
"httpsTrigger": { # Describes HttpsTrigger, could be used to connect web hooks to function. # An HTTPS endpoint type of source that can be triggered via URL.
"url": "A String", # Output only. The deployed url for the function.
},
@@ -1085,44 +1078,8 @@
"labels": { # Labels associated with this Cloud Function.
"a_key": "A String",
},
- "environmentVariables": { # Environment variables that shall be available during function execution.
- "a_key": "A String",
- },
- "availableMemoryMb": 42, # The amount of memory in MB available for a function.
- # Defaults to 256MB.
- "versionId": "A String", # Output only.
- # The version identifier of the Cloud Function. Each deployment attempt
- # results in a new version of a function being created.
- "entryPoint": "A String", # The name of the function (as defined in source code) that will be
- # executed. Defaults to the resource name suffix, if not specified. For
- # backward compatibility, if function with given name is not found, then the
- # system will try to use function named "function".
- # For Node.js this is name of a function exported by the module specified
- # in `source_location`.
- "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
- # {project_id}@appspot.gserviceaccount.com.
- "timeout": "A String", # The function execution timeout. Execution is considered failed and
- # can be terminated if the function is not completed at the end of the
- # timeout period. Defaults to 60 seconds.
- "runtime": "A String", # Required. The runtime in which the function is going to run. Choices:
- #
- # * `nodejs6`: Node.js 6
- # * `nodejs8`: Node.js 8
- # * `nodejs10`: Node.js 10
- # * `python37`: Python 3.7
- # * `go111`: Go 1.11
- "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
- # be either the fully-qualified URI, or the short name of the network
- # connector resource. The format of this field is
- # `projects/*/locations/*/connectors/*`
- #
- # This field is mutually exclusive with `network` field and will eventually
- # replace it.
- #
- # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
- # more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "vpcConnectorEgressSettings": "A String", # The egress settings for the connector, controlling what traffic is diverted
+ # through it.
"network": "A String", # The VPC Network that this cloud function can connect to. It can be
# either the fully-qualified URI, or the short name of the network resource.
# If the short network name is used, the network must belong to the same
@@ -1137,10 +1094,49 @@
#
# See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
# more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
+ # by google.cloud.functions.v1.GenerateUploadUrl
+ "status": "A String", # Output only. Status of the function deployment.
+ "description": "A String", # User-provided description of a function.
+ "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
+ # given time.
+ "versionId": "A String", # Output only. The version identifier of the Cloud Function. Each deployment attempt
+ # results in a new version of a function being created.
+ "entryPoint": "A String", # The name of the function (as defined in source code) that will be
+ # executed. Defaults to the resource name suffix, if not specified. For
+ # backward compatibility, if function with given name is not found, then the
+ # system will try to use function named "function".
+ # For Node.js this is name of a function exported by the module specified
+ # in `source_location`.
"name": "A String", # A user-defined name of the function. Function names must be unique
# globally and match pattern `projects/*/locations/*/functions/*`
+ "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
+ # be either the fully-qualified URI, or the short name of the network
+ # connector resource. The format of this field is
+ # `projects/*/locations/*/connectors/*`
+ #
+ # This field is mutually exclusive with `network` field and will eventually
+ # replace it.
+ #
+ # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
+ # more information on connecting Cloud projects.
+ "environmentVariables": { # Environment variables that shall be available during function execution.
+ "a_key": "A String",
+ },
+ "availableMemoryMb": 42, # The amount of memory in MB available for a function.
+ # Defaults to 256MB.
+ "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
+ # `{project_id}@appspot.gserviceaccount.com`.
+ "timeout": "A String", # The function execution timeout. Execution is considered failed and
+ # can be terminated if the function is not completed at the end of the
+ # timeout period. Defaults to 60 seconds.
+ "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach
+ # it.
+ "runtime": "A String", # The runtime in which to run the function. Required when deploying a new
+ # function, optional when updating an existing function. For a complete
+ # list of possible choices, see the
+ # [`gcloud` command
+ # reference](/sdk/gcloud/reference/functions/deploy#--runtime).
},
],
}</pre>
@@ -1161,35 +1157,28 @@
</div>
<div class="method">
- <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
<pre>Updates existing function.
Args:
name: string, A user-defined name of the function. Function names must be unique
globally and match pattern `projects/*/locations/*/functions/*` (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Describes a Cloud Function that contains user computation executed in
# response to an event. It encapsulate function and triggers configurations.
- # LINT.IfChange
- "status": "A String", # Output only. Status of the function deployment.
"eventTrigger": { # Describes EventTrigger, used to request events be sent from another # A source that fires events in response to a condition in another service.
# service.
- "eventType": "A String", # Required. The type of event to observe. For example:
- # `providers/cloud.storage/eventTypes/object.change` and
- # `providers/cloud.pubsub/eventTypes/topic.publish`.
- #
- # Event types match pattern `providers/*/eventTypes/*.*`.
- # The pattern contains:
- #
- # 1. namespace: For example, `cloud.storage` and
- # `google.firebase.analytics`.
- # 2. resource type: The type of resource on which event occurs. For
- # example, the Google Cloud Storage API includes the type `object`.
- # 3. action: The action that generates the event. For example, action for
- # a Google Cloud Storage Object is 'change'.
- # These parts are lower case.
+ "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
+ # If empty, then defaults to ignoring failures (i.e. not retrying them).
+ "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
+ # A function execution will be retried on any failure.
+ # A failed execution will be retried up to 7 days with an exponential backoff
+ # (capped at 10 seconds).
+ # Retried execution is charged as any other execution.
+ },
+ },
"resource": "A String", # Required. The resource(s) from which to observe events, for example,
# `projects/_/buckets/myBucket`.
#
@@ -1214,20 +1203,22 @@
# If no string is provided, the default service implementing the API will
# be used. For example, `storage.googleapis.com` is the default for all
# event types in the `google.storage` namespace.
- "failurePolicy": { # Describes the policy in case of function's execution failure. # Specifies policy for failed executions.
- # If empty, then defaults to ignoring failures (i.e. not retrying them).
- "retry": { # Describes the retry policy in case of function's execution failure. # If specified, then the function will be retried in case of a failure.
- # A function execution will be retried on any failure.
- # A failed execution will be retried up to 7 days with an exponential backoff
- # (capped at 10 seconds).
- # Retried execution is charged as any other execution.
- },
- },
+ "eventType": "A String", # Required. The type of event to observe. For example:
+ # `providers/cloud.storage/eventTypes/object.change` and
+ # `providers/cloud.pubsub/eventTypes/topic.publish`.
+ #
+ # Event types match pattern `providers/*/eventTypes/*.*`.
+ # The pattern contains:
+ #
+ # 1. namespace: For example, `cloud.storage` and
+ # `google.firebase.analytics`.
+ # 2. resource type: The type of resource on which event occurs. For
+ # example, the Google Cloud Storage API includes the type `object`.
+ # 3. action: The action that generates the event. For example, action for
+ # a Google Cloud Storage Object is 'change'.
+ # These parts are lower case.
},
"updateTime": "A String", # Output only. The last update timestamp of a Cloud Function.
- "description": "A String", # User-provided description of a function.
- "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
- # given time.
"sourceRepository": { # Describes SourceRepository, used to represent parameters related to # **Beta Feature**
#
# The source repository where a function is hosted.
@@ -1249,8 +1240,6 @@
# were defined at the time of deployment. It always points to a specific
# commit in the format described above.
},
- "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
- # by google.cloud.functions.v1.GenerateUploadUrl
"httpsTrigger": { # Describes HttpsTrigger, could be used to connect web hooks to function. # An HTTPS endpoint type of source that can be triggered via URL.
"url": "A String", # Output only. The deployed url for the function.
},
@@ -1259,44 +1248,8 @@
"labels": { # Labels associated with this Cloud Function.
"a_key": "A String",
},
- "environmentVariables": { # Environment variables that shall be available during function execution.
- "a_key": "A String",
- },
- "availableMemoryMb": 42, # The amount of memory in MB available for a function.
- # Defaults to 256MB.
- "versionId": "A String", # Output only.
- # The version identifier of the Cloud Function. Each deployment attempt
- # results in a new version of a function being created.
- "entryPoint": "A String", # The name of the function (as defined in source code) that will be
- # executed. Defaults to the resource name suffix, if not specified. For
- # backward compatibility, if function with given name is not found, then the
- # system will try to use function named "function".
- # For Node.js this is name of a function exported by the module specified
- # in `source_location`.
- "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
- # {project_id}@appspot.gserviceaccount.com.
- "timeout": "A String", # The function execution timeout. Execution is considered failed and
- # can be terminated if the function is not completed at the end of the
- # timeout period. Defaults to 60 seconds.
- "runtime": "A String", # Required. The runtime in which the function is going to run. Choices:
- #
- # * `nodejs6`: Node.js 6
- # * `nodejs8`: Node.js 8
- # * `nodejs10`: Node.js 10
- # * `python37`: Python 3.7
- # * `go111`: Go 1.11
- "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
- # be either the fully-qualified URI, or the short name of the network
- # connector resource. The format of this field is
- # `projects/*/locations/*/connectors/*`
- #
- # This field is mutually exclusive with `network` field and will eventually
- # replace it.
- #
- # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
- # more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "vpcConnectorEgressSettings": "A String", # The egress settings for the connector, controlling what traffic is diverted
+ # through it.
"network": "A String", # The VPC Network that this cloud function can connect to. It can be
# either the fully-qualified URI, or the short name of the network resource.
# If the short network name is used, the network must belong to the same
@@ -1311,10 +1264,49 @@
#
# See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
# more information on connecting Cloud projects.
- #
- # This feature is currently in alpha, available only for whitelisted users.
+ "sourceUploadUrl": "A String", # The Google Cloud Storage signed URL used for source uploading, generated
+ # by google.cloud.functions.v1.GenerateUploadUrl
+ "status": "A String", # Output only. Status of the function deployment.
+ "description": "A String", # User-provided description of a function.
+ "maxInstances": 42, # The limit on the maximum number of function instances that may coexist at a
+ # given time.
+ "versionId": "A String", # Output only. The version identifier of the Cloud Function. Each deployment attempt
+ # results in a new version of a function being created.
+ "entryPoint": "A String", # The name of the function (as defined in source code) that will be
+ # executed. Defaults to the resource name suffix, if not specified. For
+ # backward compatibility, if function with given name is not found, then the
+ # system will try to use function named "function".
+ # For Node.js this is name of a function exported by the module specified
+ # in `source_location`.
"name": "A String", # A user-defined name of the function. Function names must be unique
# globally and match pattern `projects/*/locations/*/functions/*`
+ "vpcConnector": "A String", # The VPC Network Connector that this cloud function can connect to. It can
+ # be either the fully-qualified URI, or the short name of the network
+ # connector resource. The format of this field is
+ # `projects/*/locations/*/connectors/*`
+ #
+ # This field is mutually exclusive with `network` field and will eventually
+ # replace it.
+ #
+ # See [the VPC documentation](https://cloud.google.com/compute/docs/vpc) for
+ # more information on connecting Cloud projects.
+ "environmentVariables": { # Environment variables that shall be available during function execution.
+ "a_key": "A String",
+ },
+ "availableMemoryMb": 42, # The amount of memory in MB available for a function.
+ # Defaults to 256MB.
+ "serviceAccountEmail": "A String", # The email of the function's service account. If empty, defaults to
+ # `{project_id}@appspot.gserviceaccount.com`.
+ "timeout": "A String", # The function execution timeout. Execution is considered failed and
+ # can be terminated if the function is not completed at the end of the
+ # timeout period. Defaults to 60 seconds.
+ "ingressSettings": "A String", # The ingress settings for the function, controlling what traffic can reach
+ # it.
+ "runtime": "A String", # The runtime in which to run the function. Required when deploying a new
+ # function, optional when updating an existing function. For a complete
+ # list of possible choices, see the
+ # [`gcloud` command
+ # reference](/sdk/gcloud/reference/functions/deploy#--runtime).
}
updateMask: string, Required list of fields to be updated in this request.
@@ -1336,56 +1328,11 @@
},
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
- # used by [gRPC](https://github.com/grpc). The error model is designed to be:
+ # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+ # three pieces of data: error code, error message, and error details.
#
- # - Simple to use and understand for most users
- # - Flexible enough to meet unexpected needs
- #
- # # Overview
- #
- # The `Status` message contains three pieces of data: error code, error
- # message, and error details. The error code should be an enum value of
- # google.rpc.Code, but it may accept additional error codes if needed. The
- # error message should be a developer-facing English message that helps
- # developers *understand* and *resolve* the error. If a localized user-facing
- # error message is needed, put the localized message in the error details or
- # localize it in the client. The optional error details may contain arbitrary
- # information about the error. There is a predefined set of error detail types
- # in the package `google.rpc` that can be used for common error conditions.
- #
- # # Language mapping
- #
- # The `Status` message is the logical representation of the error model, but it
- # is not necessarily the actual wire format. When the `Status` message is
- # exposed in different client libraries and different wire protocols, it can be
- # mapped differently. For example, it will likely be mapped to some exceptions
- # in Java, but more likely mapped to some error codes in C.
- #
- # # Other uses
- #
- # The error model and the `Status` message can be used in a variety of
- # environments, either with or without APIs, to provide a
- # consistent developer experience across different environments.
- #
- # Example uses of this error model include:
- #
- # - Partial errors. If a service needs to return partial errors to the client,
- # it may embed the `Status` in the normal response to indicate the partial
- # errors.
- #
- # - Workflow errors. A typical workflow has multiple steps. Each step may
- # have a `Status` message for error reporting.
- #
- # - Batch operations. If a client uses batch request and batch response, the
- # `Status` message should be used directly inside batch response, one for
- # each error sub-response.
- #
- # - Asynchronous operations. If an API call embeds asynchronous operation
- # results in its response, the status of those operations should be
- # represented directly using the `Status` message.
- #
- # - Logging. If some API errors are stored in logs, the message `Status` could
- # be used directly after any stripping needed for security/privacy reasons.
+ # You can find out more about this error model and how to work with it in the
+ # [API Design Guide](https://cloud.google.com/apis/design/errors).
"message": "A String", # A developer-facing error message, which should be in English. Any
# user-facing error message should be localized and sent in the
# google.rpc.Status.details field, or localized by the client.
@@ -1417,65 +1364,180 @@
</div>
<div class="method">
- <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
+ <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
<pre>Sets the IAM access control policy on the specified function.
Replaces any existing policy.
Args:
resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
# the policy is limited to a few 10s of KB. An empty policy is a
# valid policy but certain Cloud Platform services (such as Projects)
# might reject them.
- # specify access control policies for Cloud Platform resources.
+ # controls for Google Cloud resources.
#
#
- # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
- # `members` to a `role`, where the members can be user accounts, Google groups,
- # Google domains, and service accounts. A `role` is a named list of permissions
- # defined by IAM.
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+ # `members` to a single `role`. Members can be user accounts, service accounts,
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
+ # permissions; each `role` can be an IAM predefined role or a user-created
+ # custom role.
#
- # **JSON Example**
+ # Optionally, a `binding` can specify a `condition`, which is a logical
+ # expression that allows access to a resource only if the expression evaluates
+ # to `true`. A condition can add constraints based on attributes of the
+ # request, the resource, or both.
+ #
+ # **JSON example:**
#
# {
# "bindings": [
# {
- # "role": "roles/owner",
+ # "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/viewer",
- # "members": ["user:sean@example.com"]
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": ["user:eve@example.com"],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # }
# }
- # ]
+ # ],
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
- # **YAML Example**
+ # **YAML example:**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
- # - serviceAccount:my-other-app@appspot.gserviceaccount.com
- # role: roles/owner
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
+ # role: roles/resourcemanager.organizationAdmin
# - members:
- # - user:sean@example.com
- # role: roles/viewer
- #
+ # - user:eve@example.com
+ # role: roles/resourcemanager.organizationViewer
+ # condition:
+ # title: expirable access
+ # description: Does not grant access after Sep 2020
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # - etag: BwWWja0YfJA=
+ # - version: 3
#
# For a description of IAM and its features, see the
- # [IAM developer's guide](https://cloud.google.com/iam/docs).
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ # `condition` that determines how and when the `bindings` are applied. Each
+ # of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@example.com` .
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
+ #
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ # NOTE: An unsatisfied condition will not allow user access via current
+ # binding. Different bindings, including their conditions, are examined
+ # independently.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ },
+ },
+ ],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
@@ -1497,7 +1559,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -1509,7 +1571,7 @@
# ]
# },
# {
- # "service": "fooservice.googleapis.com"
+ # "service": "sampleservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
@@ -1517,7 +1579,7 @@
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
- # "user:bar@gmail.com"
+ # "user:aliya@example.com"
# ]
# }
# ]
@@ -1525,9 +1587,9 @@
# ]
# }
#
- # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts foo@gmail.com from DATA_READ logging, and
- # bar@gmail.com from DATA_WRITE logging.
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
@@ -1537,7 +1599,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -1547,7 +1609,7 @@
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # foo@gmail.com from DATA_READ logging.
+ # jose@example.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
@@ -1561,60 +1623,6 @@
# `allServices` is a special value that covers all services.
},
],
- "version": 42, # Deprecated.
- "bindings": [ # Associates a list of `members` to a `role`.
- # `bindings` with no members will result in an error.
- { # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` .
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- #
- # * `domain:{domain}`: The G Suite domain (primary) that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
- #
- # title: "User account presence"
- # description: "Determines whether the request has a user account"
- # expression: "size(request.user) > 0"
- "description": "A String", # An optional description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in
- # Common Expression Language syntax.
- #
- # The application context of the containing message determines which
- # well-known feature set of CEL is supported.
- "location": "A String", # An optional string indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "title": "A String", # An optional title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- },
- },
- ],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
@@ -1623,8 +1631,31 @@
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
- # policy is overwritten blindly.
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
},
"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
# the fields in the mask will be modified. If no mask is provided, the
@@ -1641,51 +1672,166 @@
Returns:
An object of the form:
- { # Defines an Identity and Access Management (IAM) policy. It is used to
- # specify access control policies for Cloud Platform resources.
+ { # An Identity and Access Management (IAM) policy, which specifies access
+ # controls for Google Cloud resources.
#
#
- # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
- # `members` to a `role`, where the members can be user accounts, Google groups,
- # Google domains, and service accounts. A `role` is a named list of permissions
- # defined by IAM.
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+ # `members` to a single `role`. Members can be user accounts, service accounts,
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
+ # permissions; each `role` can be an IAM predefined role or a user-created
+ # custom role.
#
- # **JSON Example**
+ # Optionally, a `binding` can specify a `condition`, which is a logical
+ # expression that allows access to a resource only if the expression evaluates
+ # to `true`. A condition can add constraints based on attributes of the
+ # request, the resource, or both.
+ #
+ # **JSON example:**
#
# {
# "bindings": [
# {
- # "role": "roles/owner",
+ # "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/viewer",
- # "members": ["user:sean@example.com"]
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": ["user:eve@example.com"],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # }
# }
- # ]
+ # ],
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
- # **YAML Example**
+ # **YAML example:**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
- # - serviceAccount:my-other-app@appspot.gserviceaccount.com
- # role: roles/owner
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
+ # role: roles/resourcemanager.organizationAdmin
# - members:
- # - user:sean@example.com
- # role: roles/viewer
- #
+ # - user:eve@example.com
+ # role: roles/resourcemanager.organizationViewer
+ # condition:
+ # title: expirable access
+ # description: Does not grant access after Sep 2020
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # - etag: BwWWja0YfJA=
+ # - version: 3
#
# For a description of IAM and its features, see the
- # [IAM developer's guide](https://cloud.google.com/iam/docs).
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ # `condition` that determines how and when the `bindings` are applied. Each
+ # of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`.
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+ # `members` can have the following values:
+ #
+ # * `allUsers`: A special identifier that represents anyone who is
+ # on the internet; with or without a Google account.
+ #
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
+ # who is authenticated with a Google account or a service account.
+ #
+ # * `user:{emailid}`: An email address that represents a specific Google
+ # account. For example, `alice@example.com` .
+ #
+ #
+ # * `serviceAccount:{emailid}`: An email address that represents a service
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
+ #
+ # * `group:{emailid}`: An email address that represents a Google group.
+ # For example, `admins@example.com`.
+ #
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
+ #
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ # users of that domain. For example, `google.com` or `example.com`.
+ #
+ "A String",
+ ],
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ # NOTE: An unsatisfied condition will not allow user access via current
+ # binding. Different bindings, including their conditions, are examined
+ # independently.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ },
+ },
+ ],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
@@ -1707,7 +1853,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -1719,7 +1865,7 @@
# ]
# },
# {
- # "service": "fooservice.googleapis.com"
+ # "service": "sampleservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
@@ -1727,7 +1873,7 @@
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
- # "user:bar@gmail.com"
+ # "user:aliya@example.com"
# ]
# }
# ]
@@ -1735,9 +1881,9 @@
# ]
# }
#
- # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts foo@gmail.com from DATA_READ logging, and
- # bar@gmail.com from DATA_WRITE logging.
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
@@ -1747,7 +1893,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -1757,7 +1903,7 @@
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # foo@gmail.com from DATA_READ logging.
+ # jose@example.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
@@ -1771,60 +1917,6 @@
# `allServices` is a special value that covers all services.
},
],
- "version": 42, # Deprecated.
- "bindings": [ # Associates a list of `members` to a `role`.
- # `bindings` with no members will result in an error.
- { # Associates `members` with a `role`.
- "role": "A String", # Role that is assigned to `members`.
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
- # `members` can have the following values:
- #
- # * `allUsers`: A special identifier that represents anyone who is
- # on the internet; with or without a Google account.
- #
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
- # who is authenticated with a Google account or a service account.
- #
- # * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` .
- #
- #
- # * `serviceAccount:{emailid}`: An email address that represents a service
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
- #
- # * `group:{emailid}`: An email address that represents a Google group.
- # For example, `admins@example.com`.
- #
- #
- # * `domain:{domain}`: The G Suite domain (primary) that represents all the
- # users of that domain. For example, `google.com` or `example.com`.
- #
- "A String",
- ],
- "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
- #
- # title: "User account presence"
- # description: "Determines whether the request has a user account"
- # expression: "size(request.user) > 0"
- "description": "A String", # An optional description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "expression": "A String", # Textual representation of an expression in
- # Common Expression Language syntax.
- #
- # The application context of the containing message determines which
- # well-known feature set of CEL is supported.
- "location": "A String", # An optional string indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "title": "A String", # An optional title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- },
- },
- ],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
@@ -1833,13 +1925,36 @@
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
- # policy is overwritten blindly.
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
}</pre>
</div>
<div class="method">
- <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
+ <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
<pre>Tests the specified permissions against the IAM access control policy
for a function.
If the function does not exist, this will return an empty set of
@@ -1848,7 +1963,7 @@
Args:
resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for `TestIamPermissions` method.