chore: regens API reference docs (#889)
diff --git a/docs/dyn/servicemanagement_v1.services.html b/docs/dyn/servicemanagement_v1.services.html
index 3e4049c..b001510 100644
--- a/docs/dyn/servicemanagement_v1.services.html
+++ b/docs/dyn/servicemanagement_v1.services.html
@@ -90,19 +90,19 @@
<p class="firstline">Returns the rollouts Resource.</p>
<p class="toc_element">
- <code><a href="#create">create(body, x__xgafv=None)</a></code></p>
+ <code><a href="#create">create(body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new managed service.</p>
<p class="toc_element">
<code><a href="#delete">delete(serviceName, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a managed service. This method will change the service to the</p>
<p class="toc_element">
- <code><a href="#disable">disable(serviceName, body, x__xgafv=None)</a></code></p>
+ <code><a href="#disable">disable(serviceName, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Disables a service for a project, so it can no longer be</p>
<p class="toc_element">
- <code><a href="#enable">enable(serviceName, body, x__xgafv=None)</a></code></p>
+ <code><a href="#enable">enable(serviceName, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Enables a service for a project, so it can be used</p>
<p class="toc_element">
- <code><a href="#generateConfigReport">generateConfigReport(body, x__xgafv=None)</a></code></p>
+ <code><a href="#generateConfigReport">generateConfigReport(body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Generates and returns a report (errors, warnings and changes from</p>
<p class="toc_element">
<code><a href="#get">get(serviceName, x__xgafv=None)</a></code></p>
@@ -120,24 +120,31 @@
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
- <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
+ <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
<p class="toc_element">
- <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
+ <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
<p class="toc_element">
<code><a href="#undelete">undelete(serviceName, x__xgafv=None)</a></code></p>
<p class="firstline">Revives a previously deleted managed service. The method restores the</p>
<h3>Method Details</h3>
<div class="method">
- <code class="details" id="create">create(body, x__xgafv=None)</code>
+ <code class="details" id="create">create(body=None, x__xgafv=None)</code>
<pre>Creates a new managed service.
-Please note one producer project can own no more than 20 services.
-Operation<response: ManagedService>
+A managed service is immutable, and is subject to mandatory 30-day
+data retention. You cannot move a service or recreate it within 30 days
+after deletion.
+
+One producer project can own no more than 500 services. For security and
+reliability purposes, a production service should be hosted in a
+dedicated producer project.
+
+Operation<response: ManagedService>
Args:
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # The full representation of a Service that is managed by
@@ -157,28 +164,12 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
@@ -197,6 +188,22 @@
},
],
},
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
}</pre>
</div>
@@ -207,10 +214,10 @@
call UndeleteService to restore the service.
After 30 days, the service will be permanently deleted.
-Operation<response: google.protobuf.Empty>
+Operation<response: google.protobuf.Empty>
Args:
- serviceName: string, The name of the service. See the [overview](/service-management/overview)
+ serviceName: string, Required. The name of the service. See the [overview](/service-management/overview)
for naming requirements. For example: `example.googleapis.com`. (required)
x__xgafv: string, V1 error format.
Allowed values
@@ -222,28 +229,12 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
@@ -262,30 +253,46 @@
},
],
},
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
}</pre>
</div>
<div class="method">
- <code class="details" id="disable">disable(serviceName, body, x__xgafv=None)</code>
+ <code class="details" id="disable">disable(serviceName, body=None, x__xgafv=None)</code>
<pre>Disables a service for a project, so it can no longer be
be used for the project. It prevents accidental usage that may cause
unexpected billing charges or security leaks.
-Operation<response: DisableServiceResponse>
+Operation<response: DisableServiceResponse>
Args:
- serviceName: string, Name of the service to disable. Specifying an unknown service name
+ serviceName: string, Required. Name of the service to disable. Specifying an unknown service name
will cause the request to fail. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for DisableService method.
- "consumerId": "A String", # The identity of consumer resource which service disablement will be
+ "consumerId": "A String", # Required. The identity of consumer resource which service disablement will be
# applied to.
#
# The Google Service Management implementation accepts the following
# forms:
- # - "project:<project_id>"
+ # - "project:<project_id>"
#
# Note: this is made compatible with
# google.api.servicecontrol.v1.Operation.consumer_id.
@@ -301,28 +308,12 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
@@ -341,31 +332,47 @@
},
],
},
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
}</pre>
</div>
<div class="method">
- <code class="details" id="enable">enable(serviceName, body, x__xgafv=None)</code>
+ <code class="details" id="enable">enable(serviceName, body=None, x__xgafv=None)</code>
<pre>Enables a service for a project, so it can be used
for the project. See
[Cloud Auth Guide](https://cloud.google.com/docs/authentication) for
more information.
-Operation<response: EnableServiceResponse>
+Operation<response: EnableServiceResponse>
Args:
- serviceName: string, Name of the service to enable. Specifying an unknown service name will
+ serviceName: string, Required. Name of the service to enable. Specifying an unknown service name will
cause the request to fail. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for EnableService method.
- "consumerId": "A String", # The identity of consumer resource which service enablement will be
+ "consumerId": "A String", # Required. The identity of consumer resource which service enablement will be
# applied to.
#
# The Google Service Management implementation accepts the following
# forms:
- # - "project:<project_id>"
+ # - "project:<project_id>"
#
# Note: this is made compatible with
# google.api.servicecontrol.v1.Operation.consumer_id.
@@ -381,28 +388,12 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
@@ -421,11 +412,27 @@
},
],
},
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
}</pre>
</div>
<div class="method">
- <code class="details" id="generateConfigReport">generateConfigReport(body, x__xgafv=None)</code>
+ <code class="details" id="generateConfigReport">generateConfigReport(body=None, x__xgafv=None)</code>
<pre>Generates and returns a report (errors, warnings and changes from
existing configurations) associated with
GenerateConfigReportRequest.new_value
@@ -439,18 +446,18 @@
service configuration.
Args:
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for GenerateConfigReport method.
- "newConfig": { # Service configuration for which we want to generate the report.
+ "newConfig": { # Required. Service configuration for which we want to generate the report.
# For this version of API, the supported types are
# google.api.servicemanagement.v1.ConfigRef,
# google.api.servicemanagement.v1.ConfigSource,
# and google.api.Service
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "oldConfig": { # Service configuration against which the comparison will be done.
+ "oldConfig": { # Optional. Service configuration against which the comparison will be done.
# For this version of API, the supported types are
# google.api.servicemanagement.v1.ConfigRef,
# google.api.servicemanagement.v1.ConfigSource,
@@ -531,7 +538,7 @@
public.
Args:
- serviceName: string, The name of the service. See the `ServiceManager` overview for naming
+ serviceName: string, Required. The name of the service. See the `ServiceManager` overview for naming
requirements. For example: `example.googleapis.com`. (required)
x__xgafv: string, V1 error format.
Allowed values
@@ -554,9 +561,9 @@
<pre>Gets a service configuration (version) for a managed service.
Args:
- serviceName: string, The name of the service. See the [overview](/service-management/overview)
+ serviceName: string, Required. The name of the service. See the [overview](/service-management/overview)
for naming requirements. For example: `example.googleapis.com`. (required)
- configId: string, The id of the service configuration resource.
+ configId: string, Required. The id of the service configuration resource.
This field must be specified for the server to return all fields, including
`SourceInfo`.
@@ -610,18 +617,12 @@
# Different APIs can support different monitored resource types. APIs generally
# provide a `list` method that returns the monitored resource descriptors used
# by the API.
- #
- # Next ID: 10
"displayName": "A String", # Optional. A concise name for the monitored resource type that might be
# displayed in user interfaces. It should be a Title Cased Noun Phrase,
# without any article or other determiners. For example,
# `"Google Cloud SQL Database"`.
- "name": "A String", # Optional. The resource name of the monitored resource descriptor:
- # `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where
- # {type} is the value of the `type` field in this object and
- # {project_id} is a project ID that provides API-specific context for
- # accessing the type. APIs that do not use project information can use the
- # resource name format `"monitoredResourceDescriptors/{type}"`.
+ "description": "A String", # Optional. A detailed description of the monitored resource type that might
+ # be used in documentation.
"labels": [ # Required. A set of labels used to describe instances of this monitored
# resource type. For example, an individual Google Cloud SQL database is
# identified by values for the labels `"database_id"` and `"zone"`.
@@ -635,8 +636,12 @@
"type": "A String", # Required. The monitored resource type. For example, the type
# `"cloudsql_database"` represents databases in Google Cloud SQL.
# The maximum length of this value is 256 characters.
- "description": "A String", # Optional. A detailed description of the monitored resource type that might
- # be used in documentation.
+ "name": "A String", # Optional. The resource name of the monitored resource descriptor:
+ # `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where
+ # {type} is the value of the `type` field in this object and
+ # {project_id} is a project ID that provides API-specific context for
+ # accessing the type. APIs that do not use project information can use the
+ # resource name format `"monitoredResourceDescriptors/{type}"`.
},
],
"logs": [ # Defines the logs used by this service.
@@ -726,15 +731,35 @@
},
],
},
- "id": "A String", # A unique ID for a specific instance of this message, typically assigned
- # by the client for tracking purpose. If empty, the server may choose to
- # generate one instead. Must be no longer than 60 characters.
"backend": { # `Backend` defines the backend configuration for a service. # API backend configuration.
"rules": [ # A list of API backend rules that apply to individual API methods.
#
# **NOTE:** All service configuration rules follow "last one wins" order.
{ # A backend rule provides configuration for an individual API element.
- "jwtAudience": "A String", # The JWT audience is used when generating a JWT id token for the backend.
+ "jwtAudience": "A String", # The JWT audience is used when generating a JWT ID token for the backend.
+ # This ID token will be added in the HTTP "authorization" header, and sent
+ # to the backend.
+ "protocol": "A String", # The protocol used for sending a request to the backend.
+ # The supported values are "http/1.1" and "h2".
+ #
+ # The default value is inferred from the scheme in the
+ # address field:
+ #
+ # SCHEME PROTOCOL
+ # http:// http/1.1
+ # https:// http/1.1
+ # grpc:// h2
+ # grpcs:// h2
+ #
+ # For secure HTTP backends (https://) that support HTTP/2, set this field
+ # to "h2" for improved performance.
+ #
+ # Configuring this field to non-default values is only supported for secure
+ # HTTP backends. This field will be ignored for all other backends.
+ #
+ # See
+ # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+ # for more details on the supported values.
"pathTranslation": "A String",
"minDeadline": 3.14, # Minimum deadline in seconds needed for this method. Calls having deadline
# value lower than this will be rejected.
@@ -743,9 +768,65 @@
# Refer to selector for syntax details.
"operationDeadline": 3.14, # The number of seconds to wait for the completion of a long running
# operation. The default is no deadline.
- "deadline": 3.14, # The number of seconds to wait for a response from a request. The default
- # deadline for gRPC is infinite (no deadline) and HTTP requests is 5 seconds.
+ "deadline": 3.14, # The number of seconds to wait for a response from a request. The default
+ # varies based on the request protocol and deployment environment.
+ "disableAuth": True or False, # When disable_auth is true, a JWT ID token won't be generated and the
+ # original "Authorization" HTTP header will be preserved. If the header is
+ # used to carry the original token and is expected by the backend, this
+ # field must be set to true to preserve the header.
"address": "A String", # The address of the API backend.
+ #
+ # The scheme is used to determine the backend protocol and security.
+ # The following schemes are accepted:
+ #
+ # SCHEME PROTOCOL SECURITY
+ # http:// HTTP None
+ # https:// HTTP TLS
+ # grpc:// gRPC None
+ # grpcs:// gRPC TLS
+ #
+ # It is recommended to explicitly include a scheme. Leaving out the scheme
+ # may cause constrasting behaviors across platforms.
+ #
+ # If the port is unspecified, the default is:
+ # - 80 for schemes without TLS
+ # - 443 for schemes with TLS
+ #
+ # For HTTP backends, use protocol
+ # to specify the protocol version.
+ "renameTo": "A String", # Unimplemented. Do not use.
+ #
+ # The new name the selected proto elements should be renamed to.
+ #
+ # The package, the service and the method can all be renamed.
+ # The backend server should implement the renamed proto. However, clients
+ # should call the original method, and ESF routes the traffic to the renamed
+ # method.
+ #
+ # HTTP clients should call the URL mapped to the original method.
+ # gRPC and Stubby clients should call the original method with package name.
+ #
+ # For legacy reasons, ESF allows Stubby clients to call with the
+ # short name (without the package name). However, for API Versioning(or
+ # multiple methods mapped to the same short name), all Stubby clients must
+ # call the method's full name with the package name, otherwise the first one
+ # (selector) wins.
+ #
+ # If this `rename_to` is specified with a trailing `*`, the `selector` must
+ # be specified with a trailing `*` as well. The all element short names
+ # matched by the `*` in the selector will be kept in the `rename_to`.
+ #
+ # For example,
+ # rename_rules:
+ # - selector: |-
+ # google.example.library.v1.*
+ # rename_to: google.example.library.*
+ #
+ # The selector matches `google.example.library.v1.Library.CreateShelf` and
+ # `google.example.library.v1.Library.CreateBook`, they will be renamed to
+ # `google.example.library.Library.CreateShelf` and
+ # `google.example.library.Library.CreateBook`. It essentially renames the
+ # proto package name section of the matched proto service and methods.
},
],
},
@@ -846,16 +927,20 @@
# one consumer destination.
{ # Configuration of a specific billing destination (Currently only support
# bill against consumer project).
- "monitoredResource": "A String", # The monitored resource type. The type must be defined in
- # Service.monitored_resources section.
"metrics": [ # Names of the metrics to report to this billing destination.
# Each name must be defined in Service.metrics section.
"A String",
],
+ "monitoredResource": "A String", # The monitored resource type. The type must be defined in
+ # Service.monitored_resources section.
},
],
},
"title": "A String", # The product title for this service.
+ "id": "A String", # A unique ID for a specific instance of this message, typically assigned
+ # by the client for tracking purpose. Must be no longer than 63 characters
+ # and only lower case letters, digits, '.', '_' and '-' are allowed. If
+ # empty, the server may choose to generate one instead.
"authentication": { # `Authentication` defines the authentication configuration for an API. # Auth configuration.
#
# Example for an API targeted for external use:
@@ -908,7 +993,6 @@
# canonical_scopes: https://www.googleapis.com/auth/calendar,
# https://www.googleapis.com/auth/calendar.read
},
- "allowWithoutCredential": True or False, # If true, the service accepts API keys without any other credential.
"requirements": [ # Requirements for additional authentication providers.
{ # User-defined authentication requirements, including support for
# [JSON Web Token
@@ -936,6 +1020,7 @@
# bookstore_web.apps.googleusercontent.com
},
],
+ "allowWithoutCredential": True or False, # If true, the service accepts API keys without any other credential.
"selector": "A String", # Selects the methods to which this rule applies.
#
# Refer to selector for syntax details.
@@ -945,6 +1030,53 @@
{ # Configuration for an authentication provider, including support for
# [JSON Web Token
# (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+ "jwtLocations": [ # Defines the locations to extract the JWT.
+ #
+ # JWT locations can be either from HTTP headers or URL query parameters.
+ # The rule is that the first match wins. The checking order is: checking
+ # all headers first, then URL query parameters.
+ #
+ # If not specified, default to use following 3 locations:
+ # 1) Authorization: Bearer
+ # 2) x-goog-iap-jwt-assertion
+ # 3) access_token query parameter
+ #
+ # Default locations can be specified as followings:
+ # jwt_locations:
+ # - header: Authorization
+ # value_prefix: "Bearer "
+ # - header: x-goog-iap-jwt-assertion
+ # - query: access_token
+ { # Specifies a location to extract JWT from an API request.
+ "query": "A String", # Specifies URL query parameter name to extract JWT token.
+ "valuePrefix": "A String", # The value prefix. The value format is "value_prefix{token}"
+ # Only applies to "in" header type. Must be empty for "in" query type.
+ # If not empty, the header value has to match (case sensitive) this prefix.
+ # If not matched, JWT will not be extracted. If matched, JWT will be
+ # extracted after the prefix is removed.
+ #
+ # For example, for "Authorization: Bearer {JWT}",
+ # value_prefix="Bearer " with a space at the end.
+ "header": "A String", # Specifies HTTP header name to extract JWT token.
+ },
+ ],
+ "audiences": "A String", # The list of JWT
+ # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+ # that are allowed to access. A JWT containing any of these audiences will
+ # be accepted. When this setting is absent, JWTs with audiences:
+ # - "https://[service.name]/[google.protobuf.Api.name]"
+ # - "https://[service.name]/"
+ # will be accepted.
+ # For example, if no audiences are in the setting, LibraryService API will
+ # accept JWTs with the following audiences:
+ # -
+ # https://library-example.googleapis.com/google.example.library.v1.LibraryService
+ # - https://library-example.googleapis.com/
+ #
+ # Example:
+ #
+ # audiences: bookstore_android.apps.googleusercontent.com,
+ # bookstore_web.apps.googleusercontent.com
"jwksUri": "A String", # URL of the provider's public key set to validate signature of the JWT. See
# [OpenID
# Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
@@ -957,19 +1089,6 @@
# service account).
#
# Example: https://www.googleapis.com/oauth2/v1/certs
- "audiences": "A String", # The list of JWT
- # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
- # that are allowed to access. A JWT containing any of these audiences will
- # be accepted. When this setting is absent, only JWTs with audience
- # "https://Service_name/API_name"
- # will be accepted. For example, if no audiences are in the setting,
- # LibraryService API will only accept JWTs with the following audience
- # "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
- #
- # Example:
- #
- # audiences: bookstore_android.apps.googleusercontent.com,
- # bookstore_web.apps.googleusercontent.com
"id": "A String", # The unique identifier of the auth provider. It will be referred to by
# `AuthRequirement.provider_id`.
#
@@ -1014,18 +1133,38 @@
# rules:
# - selector: "google.example.library.v1.LibraryService.CreateBook"
# allow_unregistered_calls: true
+ "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
+ # methods in all APIs.
+ #
+ # Refer to selector for syntax details.
"skipServiceControl": True or False, # If true, the selected method should skip service control and the control
# plane features, such as quota and billing, will not be available.
# This flag is used by Google Cloud Endpoints to bypass checks for internal
# methods, such as service health check methods.
"allowUnregisteredCalls": True or False, # If true, the selected method allows unregistered calls, e.g. calls
# that don't identify any user or application.
- "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
- # methods in all APIs.
- #
- # Refer to selector for syntax details.
},
],
+ "serviceIdentity": { # The per-product per-project service identity for a service. # The configuration of a per-product per-project service identity.
+ #
+ #
+ # Use this field to configure per-product per-project service identity.
+ # Example of a service identity configuration.
+ #
+ # usage:
+ # service_identity:
+ # - service_account_parent: "projects/123456789"
+ # display_name: "Cloud XXX Service Agent"
+ # description: "Used as the identity of Cloud XXX to access resources"
+ "displayName": "A String", # Optional. A user-specified name for the service account.
+ # Must be less than or equal to 100 UTF-8 bytes.
+ "description": "A String", # Optional. A user-specified opaque description of the service account.
+ # Must be less than or equal to 256 UTF-8 bytes.
+ "serviceAccountParent": "A String", # A service account project that hosts the service accounts.
+ #
+ # An example name would be:
+ # `projects/123456789`
+ },
"producerNotificationChannel": "A String", # The full resource name of a channel used for sending notifications to the
# service producer.
#
@@ -1035,7 +1174,7 @@
# of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format
# documented in https://cloud.google.com/pubsub/docs/overview.
"requirements": [ # Requirements that must be satisfied before a consumer project can use the
- # service. Each requirement is of the form <service.name>/<requirement-id>;
+ # service. Each requirement is of the form <service.name>/<requirement-id>;
# for example 'serviceusage.googleapis.com/billing-enabled'.
"A String",
],
@@ -1043,6 +1182,7 @@
"configVersion": 42, # The semantic version of the service configuration. The config version
# affects the interpretation of the service configuration. For example,
# certain features are enabled by default for certain config versions.
+ #
# The latest config version is `3`.
"producerProjectId": "A String", # The Google project that owns this service.
"http": { # Defines the HTTP configuration for an API service. It contains a list of # HTTP configuration.
@@ -1120,16 +1260,16 @@
#
# HTTP | gRPC
# -----|-----
- # `GET /v1/messages/123456?revision=2&sub.subfield=foo` |
+ # `GET /v1/messages/123456?revision=2&sub.subfield=foo` |
# `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield:
# "foo"))`
#
# Note that fields which are mapped to URL query parameters must have a
# primitive type or a repeated primitive type or a non-repeated message type.
# In the case of a repeated type, the parameter can be repeated in the URL
- # as `...?param=A¶m=B`. In the case of a message type, each field of the
+ # as `...?param=A&param=B`. In the case of a message type, each field of the
# message is mapped to a separate parameter, such as
- # `...?foo.a=A&foo.b=B&foo.c=C`.
+ # `...?foo.a=A&foo.b=B&foo.c=C`.
#
# For HTTP methods that allow a request body, the `body` field
# specifies the mapping. Consider a REST update method on the
@@ -1326,14 +1466,27 @@
#
# NOTE: the referred field must be present at the top-level of the request
# message type.
+ "get": "A String", # Maps to HTTP GET. Used for listing and getting information about
+ # resources.
"additionalBindings": [ # Additional HTTP bindings for the selector. Nested bindings must
# not contain an `additional_bindings` field themselves (that is,
# the nesting may only be one level deep).
# Object with schema name: HttpRule
],
- "get": "A String", # Maps to HTTP GET. Used for listing and getting information about
- # resources.
+ "selector": "A String", # Selects a method to which this rule applies.
+ #
+ # Refer to selector for syntax details.
+ "responseBody": "A String", # Optional. The name of the response field whose value is mapped to the HTTP
+ # response body. When omitted, the entire response message will be used
+ # as the HTTP response body.
+ #
+ # NOTE: The referred field must be present at the top-level of the response
+ # message type.
+ "allowHalfDuplex": True or False, # When this flag is set to true, HTTP requests will be allowed to invoke a
+ # half-duplex streaming method.
+ "put": "A String", # Maps to HTTP PUT. Used for replacing a resource.
"patch": "A String", # Maps to HTTP PATCH. Used for updating a resource.
+ "post": "A String", # Maps to HTTP POST. Used for creating a resource or performing an action.
"custom": { # A custom pattern is used for defining custom HTTP verb. # The custom pattern is used for specifying an HTTP method that is not
# included in the `pattern` field, such as HEAD, or "*" to leave the
# HTTP method unspecified for this rule. The wild-card rule is useful
@@ -1341,17 +1494,6 @@
"path": "A String", # The path matched by this custom verb.
"kind": "A String", # The name of this custom HTTP verb.
},
- "responseBody": "A String", # Optional. The name of the response field whose value is mapped to the HTTP
- # response body. When omitted, the entire response message will be used
- # as the HTTP response body.
- #
- # NOTE: The referred field must be present at the top-level of the response
- # message type.
- "put": "A String", # Maps to HTTP PUT. Used for replacing a resource.
- "post": "A String", # Maps to HTTP POST. Used for creating a resource or performing an action.
- "selector": "A String", # Selects a method to which this rule applies.
- #
- # Refer to selector for syntax details.
"delete": "A String", # Maps to HTTP DELETE. Used for deleting a resource.
},
],
@@ -1376,31 +1518,8 @@
# sometimes simply referred to as "APIs" in other contexts, such as the name of
# this message itself. See https://cloud.google.com/apis/design/glossary for
# detailed terminology.
- "methods": [ # The methods of this interface, in unspecified order.
- { # Method represents a method of an API interface.
- "name": "A String", # The simple name of this method.
- "requestStreaming": True or False, # If true, the request is streamed.
- "responseTypeUrl": "A String", # The URL of the output message type.
- "requestTypeUrl": "A String", # A URL of the input message type.
- "responseStreaming": True or False, # If true, the response is streamed.
- "syntax": "A String", # The source syntax of this method.
- "options": [ # Any metadata attached to the method.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- },
- ],
+ "name": "A String", # The fully qualified name of this interface, including package name
+ # followed by the interface's simple name.
"sourceContext": { # `SourceContext` represents information about the source of a # Source context for the protocol buffer service represented by this
# message.
# protobuf element, like the file in which it is defined.
@@ -1507,7 +1626,7 @@
# chosen based on the product plan.
#
# The major version is also reflected in the package name of the
- # interface, which must end in `v<major-version>`, as in
+ # interface, which must end in `v<major-version>`, as in
# `google.feature.v1`. For major versions 0 and 1, the suffix can
# be omitted. Zero major versions must only be used for
# experimental, non-GA interfaces.
@@ -1526,8 +1645,31 @@
},
},
],
- "name": "A String", # The fully qualified name of this interface, including package name
- # followed by the interface's simple name.
+ "methods": [ # The methods of this interface, in unspecified order.
+ { # Method represents a method of an API interface.
+ "name": "A String", # The simple name of this method.
+ "requestStreaming": True or False, # If true, the request is streamed.
+ "responseTypeUrl": "A String", # The URL of the output message type.
+ "requestTypeUrl": "A String", # A URL of the input message type.
+ "responseStreaming": True or False, # If true, the response is streamed.
+ "syntax": "A String", # The source syntax of this method.
+ "options": [ # Any metadata attached to the method.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ },
+ ],
+ },
+ ],
},
],
"customError": { # Customize service error responses. For example, list any service # Custom error configuration.
@@ -1630,12 +1772,9 @@
# Optional. If not set, the UI will provide a default display name based on
# the quota configuration. This field can be used to override the default
# display name generated from the configuration.
- "name": "A String", # Name of the quota limit.
- #
- # The name must be provided, and it must be unique within the service. The
- # name can only include alphanumeric characters as well as '-'.
- #
- # The maximum length of the limit name is 64 characters.
+ "description": "A String", # Optional. User-visible, extended description for this quota limit.
+ # Should be used only when more context is needed to understand this limit
+ # than provided by the limit's display name (see: `display_name`).
"defaultLimit": "A String", # Default number of tokens that can be consumed during the specified
# duration. This is the number of tokens assigned when a client
# application developer activates the service for his/her project.
@@ -1663,10 +1802,7 @@
# indicating unlimited maximum quota.
#
# Used by group-based quotas only.
- "duration": "A String", # Duration of this limit in textual notation. Example: "100s", "24h", "1d".
- # For duration longer than a day, only multiple of days is supported. We
- # support only "100s" and "1d" for now. Additional support will be added in
- # the future. "0" indicates indefinite duration.
+ "duration": "A String", # Duration of this limit in textual notation. Must be "100s" or "1d".
#
# Used by group-based quotas only.
"freeTier": "A String", # Free tier value displayed in the Developers Console for this limit.
@@ -1686,9 +1822,12 @@
#
# Note: the order of unit components is insignificant.
# The "1" at the beginning is required to follow the metric unit syntax.
- "description": "A String", # Optional. User-visible, extended description for this quota limit.
- # Should be used only when more context is needed to understand this limit
- # than provided by the limit's display name (see: `display_name`).
+ "name": "A String", # Name of the quota limit.
+ #
+ # The name must be provided, and it must be unique within the service. The
+ # name can only include alphanumeric characters as well as '-'.
+ #
+ # The maximum length of the limit name is 64 characters.
},
],
},
@@ -1696,12 +1835,11 @@
{ # Defines a metric type and its schema. Once a metric descriptor is created,
# deleting or altering it stops data collection and makes the metric type's
# existing data unusable.
- "description": "A String", # A detailed description of the metric, which can be used in documentation.
"displayName": "A String", # A concise name for the metric, which can be displayed in user interfaces.
# Use sentence case without an ending period, for example "Request count".
# This field is optional but it is recommended to be set for any metrics
# associated with user-visible concepts, such as Quota.
- "name": "A String", # The resource name of the metric descriptor.
+ "description": "A String", # A detailed description of the metric, which can be used in documentation.
"metricKind": "A String", # Whether the metric records instantaneous values, changes to a value, etc.
# Some combinations of `metric_kind` and `value_type` might not be supported.
"valueType": "A String", # Whether the measurement is an integer, a floating-point number, etc.
@@ -1719,6 +1857,23 @@
},
],
"launchStage": "A String", # Optional. The launch stage of the metric definition.
+ "monitoredResourceTypes": [ # Read-only. If present, then a time
+ # series, which is identified partially by
+ # a metric type and a MonitoredResourceDescriptor, that is associated
+ # with this metric type can only be associated with one of the monitored
+ # resource types listed here.
+ "A String",
+ ],
+ "metadata": { # Additional annotations that can be used to guide the usage of a metric. # Optional. Metadata which can be used to guide usage of the metric.
+ "launchStage": "A String", # Deprecated. Must use the MetricDescriptor.launch_stage instead.
+ "ingestDelay": "A String", # The delay of data points caused by ingestion. Data points older than this
+ # age are guaranteed to be ingested and available to be read, excluding
+ # data loss due to errors.
+ "samplePeriod": "A String", # The sampling period of metric data points. For metrics which are written
+ # periodically, consecutive data points are stored at this time interval,
+ # excluding data loss due to errors. Metrics with a higher granularity have
+ # a smaller sampling period.
+ },
"type": "A String", # The metric type, including its DNS name prefix. The type is not
# URL-encoded. All user-defined metric types have the DNS name
# `custom.googleapis.com` or `external.googleapis.com`. Metric types should
@@ -1727,9 +1882,27 @@
# "custom.googleapis.com/invoice/paid/amount"
# "external.googleapis.com/prometheus/up"
# "appengine.googleapis.com/http/server/response_latencies"
- "unit": "A String", # The unit in which the metric value is reported. It is only applicable
- # if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The
- # supported units are a subset of [The Unified Code for Units of
+ "unit": "A String", # The units in which the metric value is reported. It is only applicable
+ # if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit`
+ # defines the representation of the stored metric values.
+ #
+ # Different systems may scale the values to be more easily displayed (so a
+ # value of `0.02KBy` _might_ be displayed as `20By`, and a value of
+ # `3523KBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is
+ # `KBy`, then the value of the metric is always in thousands of bytes, no
+ # matter how it may be displayed..
+ #
+ # If you want a custom metric to record the exact number of CPU-seconds used
+ # by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is
+ # `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005
+ # CPU-seconds, then the value is written as `12005`.
+ #
+ # Alternatively, if you want a custom metric to record data in a more
+ # granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is
+ # `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`),
+ # or use `Kis{CPU}` and write `11.723` (which is `12005/1024`).
+ #
+ # The supported units are a subset of [The Unified Code for Units of
# Measure](http://unitsofmeasure.org/ucum.html) standard:
#
# **Basic units (UNIT)**
@@ -1743,33 +1916,40 @@
#
# **Prefixes (PREFIX)**
#
- # * `k` kilo (10**3)
- # * `M` mega (10**6)
- # * `G` giga (10**9)
- # * `T` tera (10**12)
- # * `P` peta (10**15)
- # * `E` exa (10**18)
- # * `Z` zetta (10**21)
- # * `Y` yotta (10**24)
- # * `m` milli (10**-3)
- # * `u` micro (10**-6)
- # * `n` nano (10**-9)
- # * `p` pico (10**-12)
- # * `f` femto (10**-15)
- # * `a` atto (10**-18)
- # * `z` zepto (10**-21)
- # * `y` yocto (10**-24)
- # * `Ki` kibi (2**10)
- # * `Mi` mebi (2**20)
- # * `Gi` gibi (2**30)
- # * `Ti` tebi (2**40)
+ # * `k` kilo (10^3)
+ # * `M` mega (10^6)
+ # * `G` giga (10^9)
+ # * `T` tera (10^12)
+ # * `P` peta (10^15)
+ # * `E` exa (10^18)
+ # * `Z` zetta (10^21)
+ # * `Y` yotta (10^24)
+ #
+ # * `m` milli (10^-3)
+ # * `u` micro (10^-6)
+ # * `n` nano (10^-9)
+ # * `p` pico (10^-12)
+ # * `f` femto (10^-15)
+ # * `a` atto (10^-18)
+ # * `z` zepto (10^-21)
+ # * `y` yocto (10^-24)
+ #
+ # * `Ki` kibi (2^10)
+ # * `Mi` mebi (2^20)
+ # * `Gi` gibi (2^30)
+ # * `Ti` tebi (2^40)
+ # * `Pi` pebi (2^50)
#
# **Grammar**
#
# The grammar also includes these connectors:
#
- # * `/` division (as an infix operator, e.g. `1/s`).
- # * `.` multiplication (as an infix operator, e.g. `GBy.d`)
+ # * `/` division or ratio (as an infix operator). For examples,
+ # `kBy/{email}` or `MiBy/10ms` (although you should almost never
+ # have `/s` in a metric `unit`; rates should always be computed at
+ # query time from the underlying cumulative or delta value).
+ # * `.` multiplication or composition (as an infix operator). For
+ # examples, `GBy.d` or `k{watt}.h`.
#
# The grammar for a unit is as follows:
#
@@ -1784,25 +1964,26 @@
#
# Notes:
#
- # * `Annotation` is just a comment if it follows a `UNIT` and is
- # equivalent to `1` if it is used alone. For examples,
- # `{requests}/s == 1/s`, `By{transmitted}/s == By/s`.
+ # * `Annotation` is just a comment if it follows a `UNIT`. If the annotation
+ # is used alone, then the unit is equivalent to `1`. For examples,
+ # `{request}/s == 1/s`, `By{transmitted}/s == By/s`.
# * `NAME` is a sequence of non-blank printable ASCII characters not
- # containing '{' or '}'.
- # * `1` represents dimensionless value 1, such as in `1/s`.
- # * `%` represents dimensionless value 1/100, and annotates values giving
- # a percentage.
- "metadata": { # Additional annotations that can be used to guide the usage of a metric. # Optional. Metadata which can be used to guide usage of the metric.
- "launchStage": "A String", # Deprecated. Please use the MetricDescriptor.launch_stage instead.
- # The launch stage of the metric definition.
- "ingestDelay": "A String", # The delay of data points caused by ingestion. Data points older than this
- # age are guaranteed to be ingested and available to be read, excluding
- # data loss due to errors.
- "samplePeriod": "A String", # The sampling period of metric data points. For metrics which are written
- # periodically, consecutive data points are stored at this time interval,
- # excluding data loss due to errors. Metrics with a higher granularity have
- # a smaller sampling period.
- },
+ # containing `{` or `}`.
+ # * `1` represents a unitary [dimensionless
+ # unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such
+ # as in `1/s`. It is typically used when none of the basic units are
+ # appropriate. For example, "new users per day" can be represented as
+ # `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new
+ # users). Alternatively, "thousands of page views per day" would be
+ # represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric
+ # value of `5.3` would mean "5300 page views per day").
+ # * `%` represents dimensionless value of 1/100, and annotates values giving
+ # a percentage (so the metric values are typically in the range of 0..100,
+ # and a metric value `3` means "3 percent").
+ # * `10^2.%` indicates a metric contains a ratio, typically in the range
+ # 0..1, that will be multiplied by 100 and displayed as a percentage
+ # (so a metric value `0.03` means "3 percent").
+ "name": "A String", # The resource name of the metric descriptor.
},
],
"enums": [ # A list of all enum types included in this API service. Enums
@@ -1813,11 +1994,28 @@
# enums:
# - name: google.someapi.v1.SomeEnum
{ # Enum type definition.
+ "syntax": "A String", # The source syntax.
"sourceContext": { # `SourceContext` represents information about the source of a # The source context.
# protobuf element, like the file in which it is defined.
"fileName": "A String", # The path-qualified name of the .proto file that contained the associated
# protobuf element. For example: `"google/protobuf/source_context.proto"`.
},
+ "options": [ # Protocol buffer options.
+ { # A protocol buffer option, which can be attached to a message, field,
+ # enumeration, etc.
+ "name": "A String", # The option's name. For protobuf built-in options (options defined in
+ # descriptor.proto), this is the short name. For example, `"map_entry"`.
+ # For custom options, it should be the fully-qualified name. For example,
+ # `"google.api.http"`.
+ "value": { # The option's value packed in an Any message. If the value is a primitive,
+ # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+ # should be used. If the value is an enum, it should be stored as an int32
+ # value using the google.protobuf.Int32Value type.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ },
+ ],
+ "name": "A String", # Enum type name.
"enumvalue": [ # Enum value definitions.
{ # Enum value definition.
"options": [ # Protocol buffer options.
@@ -1835,27 +2033,10 @@
},
},
],
- "name": "A String", # Enum value name.
"number": 42, # Enum value number.
+ "name": "A String", # Enum value name.
},
],
- "options": [ # Protocol buffer options.
- { # A protocol buffer option, which can be attached to a message, field,
- # enumeration, etc.
- "name": "A String", # The option's name. For protobuf built-in options (options defined in
- # descriptor.proto), this is the short name. For example, `"map_entry"`.
- # For custom options, it should be the fully-qualified name. For example,
- # `"google.api.http"`.
- "value": { # The option's value packed in an Any message. If the value is a primitive,
- # the corresponding wrapper type defined in google/protobuf/wrappers.proto
- # should be used. If the value is an enum, it should be stored as an int32
- # value using the google.protobuf.Int32Value type.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
- },
- ],
- "name": "A String", # Enum type name.
- "syntax": "A String", # The source syntax.
},
],
"types": [ # A list of all proto message types included in this API service.
@@ -1993,26 +2174,26 @@
"documentation": { # `Documentation` provides the information for describing a service. # Additional API documentation.
#
# Example:
- # <pre><code>documentation:
- # summary: >
+ # <pre><code>documentation:
+ # summary: >
# The Google Calendar API gives access
# to most calendar features.
# pages:
# - name: Overview
- # content: (== include google/foo/overview.md ==)
+ # content: &#40;== include google/foo/overview.md ==&#41;
# - name: Tutorial
- # content: (== include google/foo/tutorial.md ==)
+ # content: &#40;== include google/foo/tutorial.md ==&#41;
# subpages;
# - name: Java
- # content: (== include google/foo/tutorial_java.md ==)
+ # content: &#40;== include google/foo/tutorial_java.md ==&#41;
# rules:
# - selector: google.calendar.Calendar.Get
- # description: >
+ # description: >
# ...
# - selector: google.calendar.Calendar.Put
- # description: >
+ # description: >
# ...
- # </code></pre>
+ # </code></pre>
# Documentation is provided in markdown syntax. In addition to
# standard markdown features, definition lists, tables and fenced
# code blocks are supported. Section headers can be provided and are
@@ -2028,21 +2209,21 @@
#
# In order to reference a proto element, the following
# notation can be used:
- # <pre><code>[fully.qualified.proto.name][]</code></pre>
+ # <pre><code>&#91;fully.qualified.proto.name]&#91;]</code></pre>
# To override the display text used for the link, this can be used:
- # <pre><code>[display text][fully.qualified.proto.name]</code></pre>
+ # <pre><code>&#91;display text]&#91;fully.qualified.proto.name]</code></pre>
# Text can be excluded from doc using the following notation:
- # <pre><code>(-- internal comment --)</code></pre>
+ # <pre><code>&#40;-- internal comment --&#41;</code></pre>
#
# A few directives are available in documentation. Note that
# directives must appear on a single line to be properly
# identified. The `include` directive includes a markdown file from
# an external source:
- # <pre><code>(== include path/to/file ==)</code></pre>
+ # <pre><code>&#40;== include path/to/file ==&#41;</code></pre>
# The `resource_for` directive marks a message to be the resource of
# a collection in REST view. If it is not specified, tools attempt
# to infer the resource from the operations in a collection:
- # <pre><code>(== resource_for v1.shelves.books ==)</code></pre>
+ # <pre><code>&#40;== resource_for v1.shelves.books ==&#41;</code></pre>
# The directive `suppress_warning` does not directly affect documentation
# and is documented together with service config validation.
"rules": [ # A list of documentation rules that apply to individual API elements.
@@ -2061,24 +2242,30 @@
},
],
"documentationRootUrl": "A String", # The URL to the root of documentation.
+ "summary": "A String", # A short summary of what the service does. Can only be provided by
+ # plain text.
+ "serviceRootUrl": "A String", # Specifies the service root url if the default one (the service name
+ # from the yaml file) is not suitable. This can be seen in any fully
+ # specified service urls as well as sections that show a base that other
+ # urls are relative to.
"overview": "A String", # Declares a single overview page. For example:
- # <pre><code>documentation:
+ # <pre><code>documentation:
# summary: ...
- # overview: (== include overview.md ==)
- # </code></pre>
+ # overview: &#40;== include overview.md ==&#41;
+ # </code></pre>
# This is a shortcut for the following declaration (using pages style):
- # <pre><code>documentation:
+ # <pre><code>documentation:
# summary: ...
# pages:
# - name: Overview
- # content: (== include overview.md ==)
- # </code></pre>
+ # content: &#40;== include overview.md ==&#41;
+ # </code></pre>
# Note: you cannot specify both `overview` field and `pages` field.
"pages": [ # The top level pages for the documentation set.
{ # Represents a documentation page. A page can contain subpages to represent
# nested documentation set structure.
- "content": "A String", # The Markdown content of the page. You can use <code>(== include {path}
- # ==)</code> to include content from a Markdown file.
+ "content": "A String", # The Markdown content of the page. You can use <code>&#40;== include {path}
+ # ==&#41;</code> to include content from a Markdown file.
"subpages": [ # Subpages of this page. The order of subpages specified here will be
# honored in the generated docset.
# Object with schema name: Page
@@ -2088,19 +2275,17 @@
# etc. The full page name (start from the root page name to this page
# concatenated with `.`) can be used as reference to the page in your
# documentation. For example:
- # <pre><code>pages:
+ # <pre><code>pages:
# - name: Tutorial
- # content: (== include tutorial.md ==)
+ # content: &#40;== include tutorial.md ==&#41;
# subpages:
# - name: Java
- # content: (== include tutorial_java.md ==)
- # </code></pre>
+ # content: &#40;== include tutorial_java.md ==&#41;
+ # </code></pre>
# You can reference `Java` page using Markdown reference link syntax:
# `Java`.
},
],
- "summary": "A String", # A short summary of what the service does. Can only be provided by
- # plain text.
},
"sourceInfo": { # Source information used to create a Service Config # Output only. The source information for this configuration if available.
"sourceFiles": [ # All files used during config generation.
@@ -2191,8 +2376,8 @@
# `google.rpc.context`.
#
# This also provides mechanism to whitelist any protobuf message extension that
- # can be sent in grpc metadata using “x-goog-ext-<extension_id>-bin” and
- # “x-goog-ext-<extension_id>-jspb” format. For example, list any service
+ # can be sent in grpc metadata using “x-goog-ext-<extension_id>-bin” and
+ # “x-goog-ext-<extension_id>-jspb” format. For example, list any service
# specific protobuf types that can appear in grpc metadata as follows in your
# yaml file:
#
@@ -2220,9 +2405,6 @@
# side channel from backend to client.
"A String",
],
- "selector": "A String", # Selects the methods to which this rule applies.
- #
- # Refer to selector for syntax details.
"allowedRequestExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
# side channel from client to backend.
"A String",
@@ -2230,6 +2412,9 @@
"requested": [ # A list of full type names of requested contexts.
"A String",
],
+ "selector": "A String", # Selects the methods to which this rule applies.
+ #
+ # Refer to selector for syntax details.
},
],
},
@@ -2292,6 +2477,17 @@
The object takes the form of:
{ # Request message for `GetIamPolicy` method.
+ "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
+ # `GetIamPolicy`. This field is only used by Cloud IAM.
+ "requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
+ #
+ # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+ # rejected.
+ #
+ # Requests for policies with any conditional bindings must specify version 3.
+ # Policies without any conditional bindings may specify any valid value or
+ # leave the field unset.
+ },
}
x__xgafv: string, V1 error format.
@@ -2302,56 +2498,119 @@
Returns:
An object of the form:
- { # Defines an Identity and Access Management (IAM) policy. It is used to
- # specify access control policies for Cloud Platform resources.
+ { # An Identity and Access Management (IAM) policy, which specifies access
+ # controls for Google Cloud resources.
#
#
- # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
- # `members` to a `role`, where the members can be user accounts, Google groups,
- # Google domains, and service accounts. A `role` is a named list of permissions
- # defined by IAM.
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+ # `members` to a single `role`. Members can be user accounts, service accounts,
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
+ # permissions; each `role` can be an IAM predefined role or a user-created
+ # custom role.
#
- # **JSON Example**
+ # Optionally, a `binding` can specify a `condition`, which is a logical
+ # expression that allows access to a resource only if the expression evaluates
+ # to `true`. A condition can add constraints based on attributes of the
+ # request, the resource, or both.
+ #
+ # **JSON example:**
#
# {
# "bindings": [
# {
- # "role": "roles/owner",
+ # "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/viewer",
- # "members": ["user:sean@example.com"]
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": ["user:eve@example.com"],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # }
# }
- # ]
+ # ],
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
- # **YAML Example**
+ # **YAML example:**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
- # - serviceAccount:my-other-app@appspot.gserviceaccount.com
- # role: roles/owner
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
+ # role: roles/resourcemanager.organizationAdmin
# - members:
- # - user:sean@example.com
- # role: roles/viewer
- #
+ # - user:eve@example.com
+ # role: roles/resourcemanager.organizationViewer
+ # condition:
+ # title: expirable access
+ # description: Does not grant access after Sep 2020
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # - etag: BwWWja0YfJA=
+ # - version: 3
#
# For a description of IAM and its features, see the
- # [IAM developer's guide](https://cloud.google.com/iam/docs).
- "bindings": [ # Associates a list of `members` to a `role`.
- # `bindings` with no members will result in an error.
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ # `condition` that determines how and when the `bindings` are applied. Each
+ # of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
"role": "A String", # Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ # NOTE: An unsatisfied condition will not allow user access via current
+ # binding. Different bindings, including their conditions, are examined
+ # independently.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ },
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
@@ -2362,7 +2621,7 @@
# who is authenticated with a Google account or a service account.
#
# * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` .
+ # account. For example, `alice@example.com` .
#
#
# * `serviceAccount:{emailid}`: An email address that represents a service
@@ -2371,33 +2630,32 @@
# * `group:{emailid}`: An email address that represents a Google group.
# For example, `admins@example.com`.
#
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
#
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
"A String",
],
- "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
- #
- # title: "User account presence"
- # description: "Determines whether the request has a user account"
- # expression: "size(request.user) > 0"
- "location": "A String", # An optional string indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "expression": "A String", # Textual representation of an expression in
- # Common Expression Language syntax.
- #
- # The application context of the containing message determines which
- # well-known feature set of CEL is supported.
- "description": "A String", # An optional description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "title": "A String", # An optional title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- },
},
],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
@@ -2421,7 +2679,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -2433,7 +2691,7 @@
# ]
# },
# {
- # "service": "fooservice.googleapis.com"
+ # "service": "sampleservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
@@ -2441,7 +2699,7 @@
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
- # "user:bar@gmail.com"
+ # "user:aliya@example.com"
# ]
# }
# ]
@@ -2449,9 +2707,9 @@
# ]
# }
#
- # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts foo@gmail.com from DATA_READ logging, and
- # bar@gmail.com from DATA_WRITE logging.
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
@@ -2461,7 +2719,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -2471,7 +2729,7 @@
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # foo@gmail.com from DATA_READ logging.
+ # jose@example.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
@@ -2493,9 +2751,31 @@
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
- # policy is overwritten blindly.
- "version": 42, # Deprecated.
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
}</pre>
</div>
@@ -2521,7 +2801,7 @@
The Google Service Management implementation accepts the following
forms:
-- project:<project_id>
+- project:<project_id>
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -2558,70 +2838,135 @@
</div>
<div class="method">
- <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
+ <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
<pre>Sets the access control policy on the specified resource. Replaces any
existing policy.
+Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
+
Args:
resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
# the policy is limited to a few 10s of KB. An empty policy is a
# valid policy but certain Cloud Platform services (such as Projects)
# might reject them.
- # specify access control policies for Cloud Platform resources.
+ # controls for Google Cloud resources.
#
#
- # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
- # `members` to a `role`, where the members can be user accounts, Google groups,
- # Google domains, and service accounts. A `role` is a named list of permissions
- # defined by IAM.
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+ # `members` to a single `role`. Members can be user accounts, service accounts,
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
+ # permissions; each `role` can be an IAM predefined role or a user-created
+ # custom role.
#
- # **JSON Example**
+ # Optionally, a `binding` can specify a `condition`, which is a logical
+ # expression that allows access to a resource only if the expression evaluates
+ # to `true`. A condition can add constraints based on attributes of the
+ # request, the resource, or both.
+ #
+ # **JSON example:**
#
# {
# "bindings": [
# {
- # "role": "roles/owner",
+ # "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/viewer",
- # "members": ["user:sean@example.com"]
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": ["user:eve@example.com"],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # }
# }
- # ]
+ # ],
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
- # **YAML Example**
+ # **YAML example:**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
- # - serviceAccount:my-other-app@appspot.gserviceaccount.com
- # role: roles/owner
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
+ # role: roles/resourcemanager.organizationAdmin
# - members:
- # - user:sean@example.com
- # role: roles/viewer
- #
+ # - user:eve@example.com
+ # role: roles/resourcemanager.organizationViewer
+ # condition:
+ # title: expirable access
+ # description: Does not grant access after Sep 2020
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # - etag: BwWWja0YfJA=
+ # - version: 3
#
# For a description of IAM and its features, see the
- # [IAM developer's guide](https://cloud.google.com/iam/docs).
- "bindings": [ # Associates a list of `members` to a `role`.
- # `bindings` with no members will result in an error.
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ # `condition` that determines how and when the `bindings` are applied. Each
+ # of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
"role": "A String", # Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ # NOTE: An unsatisfied condition will not allow user access via current
+ # binding. Different bindings, including their conditions, are examined
+ # independently.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ },
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
@@ -2632,7 +2977,7 @@
# who is authenticated with a Google account or a service account.
#
# * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` .
+ # account. For example, `alice@example.com` .
#
#
# * `serviceAccount:{emailid}`: An email address that represents a service
@@ -2641,33 +2986,32 @@
# * `group:{emailid}`: An email address that represents a Google group.
# For example, `admins@example.com`.
#
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
#
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
"A String",
],
- "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
- #
- # title: "User account presence"
- # description: "Determines whether the request has a user account"
- # expression: "size(request.user) > 0"
- "location": "A String", # An optional string indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "expression": "A String", # Textual representation of an expression in
- # Common Expression Language syntax.
- #
- # The application context of the containing message determines which
- # well-known feature set of CEL is supported.
- "description": "A String", # An optional description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "title": "A String", # An optional title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- },
},
],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
@@ -2691,7 +3035,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -2703,7 +3047,7 @@
# ]
# },
# {
- # "service": "fooservice.googleapis.com"
+ # "service": "sampleservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
@@ -2711,7 +3055,7 @@
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
- # "user:bar@gmail.com"
+ # "user:aliya@example.com"
# ]
# }
# ]
@@ -2719,9 +3063,9 @@
# ]
# }
#
- # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts foo@gmail.com from DATA_READ logging, and
- # bar@gmail.com from DATA_WRITE logging.
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
@@ -2731,7 +3075,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -2741,7 +3085,7 @@
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # foo@gmail.com from DATA_READ logging.
+ # jose@example.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
@@ -2763,9 +3107,31 @@
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
- # policy is overwritten blindly.
- "version": 42, # Deprecated.
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
},
"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
# the fields in the mask will be modified. If no mask is provided, the
@@ -2782,56 +3148,119 @@
Returns:
An object of the form:
- { # Defines an Identity and Access Management (IAM) policy. It is used to
- # specify access control policies for Cloud Platform resources.
+ { # An Identity and Access Management (IAM) policy, which specifies access
+ # controls for Google Cloud resources.
#
#
- # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
- # `members` to a `role`, where the members can be user accounts, Google groups,
- # Google domains, and service accounts. A `role` is a named list of permissions
- # defined by IAM.
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+ # `members` to a single `role`. Members can be user accounts, service accounts,
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
+ # permissions; each `role` can be an IAM predefined role or a user-created
+ # custom role.
#
- # **JSON Example**
+ # Optionally, a `binding` can specify a `condition`, which is a logical
+ # expression that allows access to a resource only if the expression evaluates
+ # to `true`. A condition can add constraints based on attributes of the
+ # request, the resource, or both.
+ #
+ # **JSON example:**
#
# {
# "bindings": [
# {
- # "role": "roles/owner",
+ # "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# },
# {
- # "role": "roles/viewer",
- # "members": ["user:sean@example.com"]
+ # "role": "roles/resourcemanager.organizationViewer",
+ # "members": ["user:eve@example.com"],
+ # "condition": {
+ # "title": "expirable access",
+ # "description": "Does not grant access after Sep 2020",
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
+ # }
# }
- # ]
+ # ],
+ # "etag": "BwWWja0YfJA=",
+ # "version": 3
# }
#
- # **YAML Example**
+ # **YAML example:**
#
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
- # - serviceAccount:my-other-app@appspot.gserviceaccount.com
- # role: roles/owner
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
+ # role: roles/resourcemanager.organizationAdmin
# - members:
- # - user:sean@example.com
- # role: roles/viewer
- #
+ # - user:eve@example.com
+ # role: roles/resourcemanager.organizationViewer
+ # condition:
+ # title: expirable access
+ # description: Does not grant access after Sep 2020
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+ # - etag: BwWWja0YfJA=
+ # - version: 3
#
# For a description of IAM and its features, see the
- # [IAM developer's guide](https://cloud.google.com/iam/docs).
- "bindings": [ # Associates a list of `members` to a `role`.
- # `bindings` with no members will result in an error.
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+ # `condition` that determines how and when the `bindings` are applied. Each
+ # of the `bindings` must contain at least one member.
{ # Associates `members` with a `role`.
"role": "A String", # Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+ # NOTE: An unsatisfied condition will not allow user access via current
+ # binding. Different bindings, including their conditions, are examined
+ # independently.
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+ # are documented at https://github.com/google/cel-spec.
+ #
+ # Example (Comparison):
+ #
+ # title: "Summary size limit"
+ # description: "Determines if a summary is less than 100 chars"
+ # expression: "document.summary.size() < 100"
+ #
+ # Example (Equality):
+ #
+ # title: "Requestor is owner"
+ # description: "Determines if requestor is the document owner"
+ # expression: "document.owner == request.auth.claims.email"
+ #
+ # Example (Logic):
+ #
+ # title: "Public documents"
+ # description: "Determine whether the document should be publicly visible"
+ # expression: "document.type != 'private' && document.type != 'internal'"
+ #
+ # Example (Data Manipulation):
+ #
+ # title: "Notification string"
+ # description: "Create a notification string with a timestamp."
+ # expression: "'New message received at ' + string(document.create_time)"
+ #
+ # The exact variables and functions that may be referenced within an expression
+ # are determined by the service that evaluates it. See the service
+ # documentation for additional information.
+ "description": "A String", # Optional. Description of the expression. This is a longer text which
+ # describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language
+ # syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error
+ # reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+ # its purpose. This can be used e.g. in UIs which allow to enter the
+ # expression.
+ },
"members": [ # Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
#
@@ -2842,7 +3271,7 @@
# who is authenticated with a Google account or a service account.
#
# * `user:{emailid}`: An email address that represents a specific Google
- # account. For example, `alice@gmail.com` .
+ # account. For example, `alice@example.com` .
#
#
# * `serviceAccount:{emailid}`: An email address that represents a service
@@ -2851,33 +3280,32 @@
# * `group:{emailid}`: An email address that represents a Google group.
# For example, `admins@example.com`.
#
+ # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a user that has been recently deleted. For
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
+ # recovered, this value reverts to `user:{emailid}` and the recovered user
+ # retains the role in the binding.
+ #
+ # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+ # unique identifier) representing a service account that has been recently
+ # deleted. For example,
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+ # If the service account is undeleted, this value reverts to
+ # `serviceAccount:{emailid}` and the undeleted service account retains the
+ # role in the binding.
+ #
+ # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+ # identifier) representing a Google group that has been recently
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+ # the group is recovered, this value reverts to `group:{emailid}` and the
+ # recovered group retains the role in the binding.
+ #
#
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
#
"A String",
],
- "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
- # NOTE: An unsatisfied condition will not allow user access via current
- # binding. Different bindings, including their conditions, are examined
- # independently.
- #
- # title: "User account presence"
- # description: "Determines whether the request has a user account"
- # expression: "size(request.user) > 0"
- "location": "A String", # An optional string indicating the location of the expression for error
- # reporting, e.g. a file name and a position in the file.
- "expression": "A String", # Textual representation of an expression in
- # Common Expression Language syntax.
- #
- # The application context of the containing message determines which
- # well-known feature set of CEL is supported.
- "description": "A String", # An optional description of the expression. This is a longer text which
- # describes the expression, e.g. when hovered over it in a UI.
- "title": "A String", # An optional title for the expression, i.e. a short string describing
- # its purpose. This can be used e.g. in UIs which allow to enter the
- # expression.
- },
},
],
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
@@ -2901,7 +3329,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -2913,7 +3341,7 @@
# ]
# },
# {
- # "service": "fooservice.googleapis.com"
+ # "service": "sampleservice.googleapis.com"
# "audit_log_configs": [
# {
# "log_type": "DATA_READ",
@@ -2921,7 +3349,7 @@
# {
# "log_type": "DATA_WRITE",
# "exempted_members": [
- # "user:bar@gmail.com"
+ # "user:aliya@example.com"
# ]
# }
# ]
@@ -2929,9 +3357,9 @@
# ]
# }
#
- # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
- # logging. It also exempts foo@gmail.com from DATA_READ logging, and
- # bar@gmail.com from DATA_WRITE logging.
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
+ # aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
{ # Provides the configuration for logging a type of permissions.
# Example:
@@ -2941,7 +3369,7 @@
# {
# "log_type": "DATA_READ",
# "exempted_members": [
- # "user:foo@gmail.com"
+ # "user:jose@example.com"
# ]
# },
# {
@@ -2951,7 +3379,7 @@
# }
#
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
- # foo@gmail.com from DATA_READ logging.
+ # jose@example.com from DATA_READ logging.
"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
@@ -2973,14 +3401,36 @@
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
#
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
- # policy is overwritten blindly.
- "version": 42, # Deprecated.
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy.
+ #
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+ # are rejected.
+ #
+ # Any operation that affects conditional role bindings must specify version
+ # `3`. This requirement applies to the following operations:
+ #
+ # * Getting a policy that includes a conditional role binding
+ # * Adding a conditional role binding to a policy
+ # * Changing a conditional role binding in a policy
+ # * Removing any role binding, with or without a condition, from a policy
+ # that includes conditions
+ #
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
+ # the conditions in the version `3` policy are lost.
+ #
+ # If a policy does not include any conditions, operations on that policy may
+ # specify any valid version or leave the field unset.
}</pre>
</div>
<div class="method">
- <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
+ <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
<pre>Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND error.
@@ -2992,7 +3442,7 @@
Args:
resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
- body: object, The request body. (required)
+ body: object, The request body.
The object takes the form of:
{ # Request message for `TestIamPermissions` method.
@@ -3027,10 +3477,10 @@
The target service must exist and must have been deleted within the
last 30 days.
-Operation<response: UndeleteServiceResponse>
+Operation<response: UndeleteServiceResponse>
Args:
- serviceName: string, The name of the service. See the [overview](/service-management/overview)
+ serviceName: string, Required. The name of the service. See the [overview](/service-management/overview)
for naming requirements. For example: `example.googleapis.com`. (required)
x__xgafv: string, V1 error format.
Allowed values
@@ -3042,28 +3492,12 @@
{ # This resource represents a long-running operation that is the result of a
# network API call.
- "response": { # The normal response of the operation in case of success. If the original
- # method returns no data on success, such as `Delete`, the response is
- # `google.protobuf.Empty`. If the original method is standard
- # `Get`/`Create`/`Update`, the response should be the resource. For other
- # methods, the response should have the type `XxxResponse`, where `Xxx`
- # is the original method name. For example, if the original method name
- # is `TakeSnapshot()`, the inferred response type is
- # `TakeSnapshotResponse`.
- "a_key": "", # Properties of the object. Contains field @type with type URL.
- },
"metadata": { # Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
- "done": True or False, # If the value is `false`, it means the operation is still in progress.
- # If `true`, the operation is completed, and either `error` or `response` is
- # available.
- "name": "A String", # The server-assigned name, which is only unique within the same service that
- # originally returns it. If you use the default HTTP mapping, the
- # `name` should be a resource name ending with `operations/{unique_id}`.
"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
@@ -3082,6 +3516,22 @@
},
],
},
+ "done": True or False, # If the value is `false`, it means the operation is still in progress.
+ # If `true`, the operation is completed, and either `error` or `response` is
+ # available.
+ "response": { # The normal response of the operation in case of success. If the original
+ # method returns no data on success, such as `Delete`, the response is
+ # `google.protobuf.Empty`. If the original method is standard
+ # `Get`/`Create`/`Update`, the response should be the resource. For other
+ # methods, the response should have the type `XxxResponse`, where `Xxx`
+ # is the original method name. For example, if the original method name
+ # is `TakeSnapshot()`, the inferred response type is
+ # `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that
+ # originally returns it. If you use the default HTTP mapping, the
+ # `name` should be a resource name ending with `operations/{unique_id}`.
}</pre>
</div>