Refresh all docs (#298)
Change the discovery query to fetch all discovery docs, not just the
preferred ones.
diff --git a/docs/dyn/pubsub_v1beta2.projects.subscriptions.html b/docs/dyn/pubsub_v1beta2.projects.subscriptions.html
index bdbcd55..84a4678 100644
--- a/docs/dyn/pubsub_v1beta2.projects.subscriptions.html
+++ b/docs/dyn/pubsub_v1beta2.projects.subscriptions.html
@@ -76,19 +76,19 @@
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="#acknowledge">acknowledge(subscription, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Acknowledges the messages associated with the ack tokens in the AcknowledgeRequest. The Pub/Sub system can remove the relevant messages from the subscription. Acknowledging a message whose ack deadline has expired may succeed, but such a message may be redelivered later. Acknowledging a message more than once will not result in an error.</p>
+<p class="firstline">Acknowledges the messages associated with the `ack_ids` in the `AcknowledgeRequest`. The Pub/Sub system can remove the relevant messages from the subscription. Acknowledging a message whose ack deadline has expired may succeed, but such a message may be redelivered later. Acknowledging a message more than once will not result in an error.</p>
<p class="toc_element">
<code><a href="#create">create(name, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Creates a subscription to a given topic for a given subscriber. If the subscription already exists, returns ALREADY_EXISTS. If the corresponding topic doesn't exist, returns NOT_FOUND. If the name is not provided in the request, the server will assign a random name for this subscription on the same project as the topic.</p>
+<p class="firstline">Creates a subscription to a given topic. If the subscription already exists, returns `ALREADY_EXISTS`. If the corresponding topic doesn't exist, returns `NOT_FOUND`. If the name is not provided in the request, the server will assign a random name for this subscription on the same project as the topic. Note that for REST API requests, you must specify a name.</p>
<p class="toc_element">
<code><a href="#delete">delete(subscription, x__xgafv=None)</a></code></p>
-<p class="firstline">Deletes an existing subscription. All pending messages in the subscription are immediately dropped. Calls to Pull after deletion will return NOT_FOUND. After a subscription is deleted, a new one may be created with the same name, but the new one has no association with the old subscription, or its topic unless the same topic is specified.</p>
+<p class="firstline">Deletes an existing subscription. All pending messages in the subscription are immediately dropped. Calls to `Pull` after deletion will return `NOT_FOUND`. After a subscription is deleted, a new one may be created with the same name, but the new one has no association with the old subscription, or its topic unless the same topic is specified.</p>
<p class="toc_element">
<code><a href="#get">get(subscription, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the configuration details of a subscription.</p>
<p class="toc_element">
<code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
-<p class="firstline">Gets the access control policy for a resource. May be empty if no such policy or resource exists.</p>
+<p class="firstline">Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.</p>
<p class="toc_element">
<code><a href="#list">list(project, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists matching subscriptions.</p>
@@ -97,13 +97,13 @@
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
<code><a href="#modifyAckDeadline">modifyAckDeadline(subscription, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Modifies the ack deadline for a specific message. This method is useful to indicate that more time is needed to process a message by the subscriber, or to make the message available for redelivery if the processing was interrupted.</p>
+<p class="firstline">Modifies the ack deadline for a specific message. This method is useful to indicate that more time is needed to process a message by the subscriber, or to make the message available for redelivery if the processing was interrupted. Note that this does not modify the subscription-level `ackDeadlineSeconds` used for subsequent messages.</p>
<p class="toc_element">
<code><a href="#modifyPushConfig">modifyPushConfig(subscription, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Modifies the PushConfig for a specified subscription. This may be used to change a push subscription to a pull one (signified by an empty PushConfig) or vice versa, or change the endpoint URL and other attributes of a push subscription. Messages will accumulate for delivery continuously through the call regardless of changes to the PushConfig.</p>
+<p class="firstline">Modifies the `PushConfig` for a specified subscription. This may be used to change a push subscription to a pull one (signified by an empty `PushConfig`) or vice versa, or change the endpoint URL and other attributes of a push subscription. Messages will accumulate for delivery continuously through the call regardless of changes to the `PushConfig`.</p>
<p class="toc_element">
<code><a href="#pull">pull(subscription, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Pulls messages from the server. Returns an empty list if there are no messages available in the backlog. The server may return UNAVAILABLE if there are too many concurrent pull requests pending for the given subscription.</p>
+<p class="firstline">Pulls messages from the server. Returns an empty list if there are no messages available in the backlog. The server may return `UNAVAILABLE` if there are too many concurrent pull requests pending for the given subscription.</p>
<p class="toc_element">
<code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified resource. Replaces any existing policy.</p>
@@ -113,7 +113,7 @@
<h3>Method Details</h3>
<div class="method">
<code class="details" id="acknowledge">acknowledge(subscription, body, x__xgafv=None)</code>
- <pre>Acknowledges the messages associated with the ack tokens in the AcknowledgeRequest. The Pub/Sub system can remove the relevant messages from the subscription. Acknowledging a message whose ack deadline has expired may succeed, but such a message may be redelivered later. Acknowledging a message more than once will not result in an error.
+ <pre>Acknowledges the messages associated with the `ack_ids` in the `AcknowledgeRequest`. The Pub/Sub system can remove the relevant messages from the subscription. Acknowledging a message whose ack deadline has expired may succeed, but such a message may be redelivered later. Acknowledging a message more than once will not result in an error.
Args:
subscription: string, The subscription whose message is being acknowledged. (required)
@@ -121,7 +121,7 @@
The object takes the form of:
{ # Request for the Acknowledge method.
- "ackIds": [ # The acknowledgment ID for the messages being acknowledged that was returned by the Pub/Sub system in the Pull response. Must not be empty.
+ "ackIds": [ # The acknowledgment ID for the messages being acknowledged that was returned by the Pub/Sub system in the `Pull` response. Must not be empty.
"A String",
],
}
@@ -131,29 +131,29 @@
Returns:
An object of the form:
- { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
}</pre>
</div>
<div class="method">
<code class="details" id="create">create(name, body, x__xgafv=None)</code>
- <pre>Creates a subscription to a given topic for a given subscriber. If the subscription already exists, returns ALREADY_EXISTS. If the corresponding topic doesn't exist, returns NOT_FOUND. If the name is not provided in the request, the server will assign a random name for this subscription on the same project as the topic.
+ <pre>Creates a subscription to a given topic. If the subscription already exists, returns `ALREADY_EXISTS`. If the corresponding topic doesn't exist, returns `NOT_FOUND`. If the name is not provided in the request, the server will assign a random name for this subscription on the same project as the topic. Note that for REST API requests, you must specify a name.
Args:
- name: string, The name of the subscription. It must have the format "projects/{project}/subscriptions/{subscription}" for Google Cloud Pub/Sub API v1beta2. {subscription} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog". (required)
+ name: string, The name of the subscription. It must have the format `"projects/{project}/subscriptions/{subscription}"`. `{subscription}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # A subscription resource.
- "topic": "A String", # The name of the topic from which this subscription is receiving messages. This will be present if and only if the subscription has not been detached from its topic.
- "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull delivery this value is used as the initial value for the ack deadline. It may be overridden for each message using its corresponding ack_id by calling ModifyAckDeadline. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is not set, the default value of 60 seconds is used.
- "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.
- "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the CreateSubscription call, it will default to the version of the API used to make such call. If not present during a ModifyPushConfig call, its value will not be changed. GetSubscription calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
+ "topic": "A String", # The name of the topic from which this subscription is receiving messages. The value of this field will be `_deleted-topic_` if the topic has been deleted.
+ "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call `ModifyAckDeadline` with the corresponding `ack_id` if using pull. The maximum custom deadline you can specify is 600 seconds (10 minutes). For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is 0, a default value of 10 seconds is used.
+ "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty `pushConfig` signifies that the subscriber will pull and ack messages using API methods.
+ "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the `CreateSubscription` call, it will default to the version of the API used to make such call. If not present during a `ModifyPushConfig` call, its value will not be changed. `GetSubscription` calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
"a_key": "A String",
},
"pushEndpoint": "A String", # A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
},
- "name": "A String", # The name of the subscription. It must have the format "projects/{project}/subscriptions/{subscription}" for Google Cloud Pub/Sub API v1beta2. {subscription} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the subscription. It must have the format `"projects/{project}/subscriptions/{subscription}"`. `{subscription}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
}
x__xgafv: string, V1 error format.
@@ -162,21 +162,21 @@
An object of the form:
{ # A subscription resource.
- "topic": "A String", # The name of the topic from which this subscription is receiving messages. This will be present if and only if the subscription has not been detached from its topic.
- "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull delivery this value is used as the initial value for the ack deadline. It may be overridden for each message using its corresponding ack_id by calling ModifyAckDeadline. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is not set, the default value of 60 seconds is used.
- "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.
- "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the CreateSubscription call, it will default to the version of the API used to make such call. If not present during a ModifyPushConfig call, its value will not be changed. GetSubscription calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
+ "topic": "A String", # The name of the topic from which this subscription is receiving messages. The value of this field will be `_deleted-topic_` if the topic has been deleted.
+ "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call `ModifyAckDeadline` with the corresponding `ack_id` if using pull. The maximum custom deadline you can specify is 600 seconds (10 minutes). For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is 0, a default value of 10 seconds is used.
+ "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty `pushConfig` signifies that the subscriber will pull and ack messages using API methods.
+ "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the `CreateSubscription` call, it will default to the version of the API used to make such call. If not present during a `ModifyPushConfig` call, its value will not be changed. `GetSubscription` calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
"a_key": "A String",
},
"pushEndpoint": "A String", # A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
},
- "name": "A String", # The name of the subscription. It must have the format "projects/{project}/subscriptions/{subscription}" for Google Cloud Pub/Sub API v1beta2. {subscription} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the subscription. It must have the format `"projects/{project}/subscriptions/{subscription}"`. `{subscription}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
}</pre>
</div>
<div class="method">
<code class="details" id="delete">delete(subscription, x__xgafv=None)</code>
- <pre>Deletes an existing subscription. All pending messages in the subscription are immediately dropped. Calls to Pull after deletion will return NOT_FOUND. After a subscription is deleted, a new one may be created with the same name, but the new one has no association with the old subscription, or its topic unless the same topic is specified.
+ <pre>Deletes an existing subscription. All pending messages in the subscription are immediately dropped. Calls to `Pull` after deletion will return `NOT_FOUND`. After a subscription is deleted, a new one may be created with the same name, but the new one has no association with the old subscription, or its topic unless the same topic is specified.
Args:
subscription: string, The subscription to delete. (required)
@@ -185,7 +185,7 @@
Returns:
An object of the form:
- { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
}</pre>
</div>
@@ -201,79 +201,40 @@
An object of the form:
{ # A subscription resource.
- "topic": "A String", # The name of the topic from which this subscription is receiving messages. This will be present if and only if the subscription has not been detached from its topic.
- "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull delivery this value is used as the initial value for the ack deadline. It may be overridden for each message using its corresponding ack_id by calling ModifyAckDeadline. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is not set, the default value of 60 seconds is used.
- "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.
- "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the CreateSubscription call, it will default to the version of the API used to make such call. If not present during a ModifyPushConfig call, its value will not be changed. GetSubscription calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
+ "topic": "A String", # The name of the topic from which this subscription is receiving messages. The value of this field will be `_deleted-topic_` if the topic has been deleted.
+ "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call `ModifyAckDeadline` with the corresponding `ack_id` if using pull. The maximum custom deadline you can specify is 600 seconds (10 minutes). For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is 0, a default value of 10 seconds is used.
+ "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty `pushConfig` signifies that the subscriber will pull and ack messages using API methods.
+ "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the `CreateSubscription` call, it will default to the version of the API used to make such call. If not present during a `ModifyPushConfig` call, its value will not be changed. `GetSubscription` calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
"a_key": "A String",
},
"pushEndpoint": "A String", # A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
},
- "name": "A String", # The name of the subscription. It must have the format "projects/{project}/subscriptions/{subscription}" for Google Cloud Pub/Sub API v1beta2. {subscription} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the subscription. It must have the format `"projects/{project}/subscriptions/{subscription}"`. `{subscription}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
}</pre>
</div>
<div class="method">
<code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
- <pre>Gets the access control policy for a resource. May be empty if no such policy or resource exists.
+ <pre>Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Args:
- resource: string, REQUIRED: The resource for which policy is being requested. Usually some path like projects/{project}. (required)
+ resource: string, REQUIRED: The resource for which the policy is being requested. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`. (required)
x__xgafv: string, V1 error format.
Returns:
An object of the form:
- { # # Overview The `Policy` defines an access control policy language. It can be used to define policies that can be attached to resources like files, folders, VMs, etc. # Policy structure A `Policy` consists of a list of bindings. A `Binding` binds a set of members to a role, where the members can include user accounts, user groups, user domains, and service accounts. A role is a named set of permissions, defined by the IAM system. The definition of a role is outside the policy. A permission check involves determining the roles that include the specified permission, and then determining if the principal specified by the check is a member of a binding to at least one of these roles. The membership check is recursive when a group is bound to a role. Policy examples: ``` { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group::admins@example.com", "domain:google.com", "serviceAccount:frontend@example.iam.gserviceaccounts.com"] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } ```
- "rules": [
- { # A rule to be applied in a Policy.
- "notIn": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is not in this set of entries. The formation for in and not_in entries is the same as members in a Binding above.
- "A String",
- ],
- "description": "A String", # Human-readable description of the rule.
- "in": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in this set of entries.
- "A String",
- ],
- "action": "A String", # Required
- "conditions": [ # Additional restrictions that must be met
- { # A condition to be met.
- "iam": "A String", # Trusted attributes supplied by the IAM system.
- "svc": "A String", # Trusted attributes discharged by the service.
- "value": "A String", # The object of the condition. Exactly one of these must be set.
- "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
- "A String",
- ],
- "op": "A String", # An operator to apply the subject with.
- },
- ],
- "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action.
- { # Specifies what kind of log the caller must write Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. At present only "iam_principal", corresponding to IAMContext.principal, is supported. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.principal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anything other than 1
- "counter": { # Options for counters # Counter options.
- "field": "A String", # The field value to attribute.
- "metric": "A String", # The metric to update.
- },
- "dataAccess": { # Write a Data Access (Gin) log # Data access options.
- },
- "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
- },
- },
- ],
- "permissions": [ # A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
+ { # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
},
],
- "bindings": [ # It is an error to specify multiple bindings for the same role. It is an error to specify a binding with no members.
- { # Associates members of various types with roles. See below for details of the various objects that can be included as members.
- "role": "A String", # The name of the role to which the members should be bound. Examples: "roles/viewer", "roles/editor", "roles/owner". Required
- "members": [ # Format of member entries: 1. allUsers Matches any requesting principal (users, service accounts or anonymous). 2. allAuthenticatedUsers Matches any requesting authenticated principal (users or service accounts). 3. user:{emailid} A google user account using an email address. For example alice@gmail.com, joe@example.com 4. serviceAccount:{emailid} An service account email. 5. group:{emailid} A google group with an email address. For example auth-ti-cloud@google.com 6. domain:{domain} A Google Apps domain name. For example google.com, example.com
- "A String",
- ],
- },
- ],
- "version": 42, # The policy language version. The version of the policy itself is represented by the etag. The current version is 0.
- "etag": "A String", # Can be used to perform a read-modify-write.
+ "version": 42, # Version of the `Policy`. The default version is 0.
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
}</pre>
</div>
@@ -284,25 +245,25 @@
Args:
project: string, The name of the cloud project that subscriptions belong to. (required)
pageSize: integer, Maximum number of subscriptions to return.
- pageToken: string, The value returned by the last ListSubscriptionsResponse; indicates that this is a continuation of a prior ListSubscriptions call, and that the system should return the next page of data.
+ pageToken: string, The value returned by the last `ListSubscriptionsResponse`; indicates that this is a continuation of a prior `ListSubscriptions` call, and that the system should return the next page of data.
x__xgafv: string, V1 error format.
Returns:
An object of the form:
- { # Response for the ListSubscriptions method.
- "nextPageToken": "A String", # If not empty, indicates that there may be more subscriptions that match the request; this value should be passed in a new ListSubscriptionsRequest to get more subscriptions.
+ { # Response for the `ListSubscriptions` method.
+ "nextPageToken": "A String", # If not empty, indicates that there may be more subscriptions that match the request; this value should be passed in a new `ListSubscriptionsRequest` to get more subscriptions.
"subscriptions": [ # The subscriptions that match the request.
{ # A subscription resource.
- "topic": "A String", # The name of the topic from which this subscription is receiving messages. This will be present if and only if the subscription has not been detached from its topic.
- "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull delivery this value is used as the initial value for the ack deadline. It may be overridden for each message using its corresponding ack_id by calling ModifyAckDeadline. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is not set, the default value of 60 seconds is used.
- "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.
- "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the CreateSubscription call, it will default to the version of the API used to make such call. If not present during a ModifyPushConfig call, its value will not be changed. GetSubscription calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
+ "topic": "A String", # The name of the topic from which this subscription is receiving messages. The value of this field will be `_deleted-topic_` if the topic has been deleted.
+ "ackDeadlineSeconds": 42, # This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call `ModifyAckDeadline` with the corresponding `ack_id` if using pull. The maximum custom deadline you can specify is 600 seconds (10 minutes). For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. If this parameter is 0, a default value of 10 seconds is used.
+ "pushConfig": { # Configuration for a push delivery endpoint. # If push delivery is used with this subscription, this field is used to configure it. An empty `pushConfig` signifies that the subscriber will pull and ack messages using API methods.
+ "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the `CreateSubscription` call, it will default to the version of the API used to make such call. If not present during a `ModifyPushConfig` call, its value will not be changed. `GetSubscription` calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
"a_key": "A String",
},
"pushEndpoint": "A String", # A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
},
- "name": "A String", # The name of the subscription. It must have the format "projects/{project}/subscriptions/{subscription}" for Google Cloud Pub/Sub API v1beta2. {subscription} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the subscription. It must have the format `"projects/{project}/subscriptions/{subscription}"`. `{subscription}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
},
],
}</pre>
@@ -324,7 +285,7 @@
<div class="method">
<code class="details" id="modifyAckDeadline">modifyAckDeadline(subscription, body, x__xgafv=None)</code>
- <pre>Modifies the ack deadline for a specific message. This method is useful to indicate that more time is needed to process a message by the subscriber, or to make the message available for redelivery if the processing was interrupted.
+ <pre>Modifies the ack deadline for a specific message. This method is useful to indicate that more time is needed to process a message by the subscriber, or to make the message available for redelivery if the processing was interrupted. Note that this does not modify the subscription-level `ackDeadlineSeconds` used for subsequent messages.
Args:
subscription: string, The name of the subscription. (required)
@@ -332,8 +293,8 @@
The object takes the form of:
{ # Request for the ModifyAckDeadline method.
- "ackDeadlineSeconds": 42, # The new ack deadline with respect to the time this request was sent to the Pub/Sub system. Must be >= 0. For example, if the value is 10, the new ack deadline will expire 10 seconds after the ModifyAckDeadline call was made. Specifying zero may immediately make the message available for another pull request.
- "ackId": "A String", # The acknowledgment ID.
+ "ackDeadlineSeconds": 42, # The new ack deadline with respect to the time this request was sent to the Pub/Sub system. Must be >= 0. For example, if the value is 10, the new ack deadline will expire 10 seconds after the `ModifyAckDeadline` call was made. Specifying zero may immediately make the message available for another pull request.
+ "ackId": "A String", # The acknowledgment ID. Either this or ack_ids must be populated, but not both.
"ackIds": [ # List of acknowledgment IDs.
"A String",
],
@@ -344,13 +305,13 @@
Returns:
An object of the form:
- { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
}</pre>
</div>
<div class="method">
<code class="details" id="modifyPushConfig">modifyPushConfig(subscription, body, x__xgafv=None)</code>
- <pre>Modifies the PushConfig for a specified subscription. This may be used to change a push subscription to a pull one (signified by an empty PushConfig) or vice versa, or change the endpoint URL and other attributes of a push subscription. Messages will accumulate for delivery continuously through the call regardless of changes to the PushConfig.
+ <pre>Modifies the `PushConfig` for a specified subscription. This may be used to change a push subscription to a pull one (signified by an empty `PushConfig`) or vice versa, or change the endpoint URL and other attributes of a push subscription. Messages will accumulate for delivery continuously through the call regardless of changes to the `PushConfig`.
Args:
subscription: string, The name of the subscription. (required)
@@ -358,8 +319,8 @@
The object takes the form of:
{ # Request for the ModifyPushConfig method.
- "pushConfig": { # Configuration for a push delivery endpoint. # The push configuration for future deliveries. An empty pushConfig indicates that the Pub/Sub system should stop pushing messages from the given subscription and allow messages to be pulled and acknowledged - effectively pausing the subscription if Pull is not called.
- "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the CreateSubscription call, it will default to the version of the API used to make such call. If not present during a ModifyPushConfig call, its value will not be changed. GetSubscription calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
+ "pushConfig": { # Configuration for a push delivery endpoint. # The push configuration for future deliveries. An empty `pushConfig` indicates that the Pub/Sub system should stop pushing messages from the given subscription and allow messages to be pulled and acknowledged - effectively pausing the subscription if `Pull` is not called.
+ "attributes": { # Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is `x-goog-version`, which you can use to change the format of the push message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the envelope (i.e. its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the `CreateSubscription` call, it will default to the version of the API used to make such call. If not present during a `ModifyPushConfig` call, its value will not be changed. `GetSubscription` calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are: * `v1beta1`: uses the push format defined in the v1beta1 Pub/Sub API. * `v1` or `v1beta2`: uses the push format defined in the v1 Pub/Sub API.
"a_key": "A String",
},
"pushEndpoint": "A String", # A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
@@ -371,21 +332,21 @@
Returns:
An object of the form:
- { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
}</pre>
</div>
<div class="method">
<code class="details" id="pull">pull(subscription, body, x__xgafv=None)</code>
- <pre>Pulls messages from the server. Returns an empty list if there are no messages available in the backlog. The server may return UNAVAILABLE if there are too many concurrent pull requests pending for the given subscription.
+ <pre>Pulls messages from the server. Returns an empty list if there are no messages available in the backlog. The server may return `UNAVAILABLE` if there are too many concurrent pull requests pending for the given subscription.
Args:
subscription: string, The subscription from which messages should be pulled. (required)
body: object, The request body. (required)
The object takes the form of:
-{ # Request for the Pull method.
- "returnImmediately": True or False, # If this is specified as true the system will respond immediately even if it is not able to return a message in the Pull response. Otherwise the system is allowed to wait until at least one message is available rather than returning no messages. The client may cancel the request if it does not wish to wait any longer for the response.
+{ # Request for the `Pull` method.
+ "returnImmediately": True or False, # If this is specified as true the system will respond immediately even if it is not able to return a message in the `Pull` response. Otherwise the system is allowed to wait until at least one message is available rather than returning no messages. The client may cancel the request if it does not wish to wait any longer for the response.
"maxMessages": 42, # The maximum number of messages returned for this request. The Pub/Sub system may return fewer than the number specified.
}
@@ -394,16 +355,17 @@
Returns:
An object of the form:
- { # Response for the Pull method.
- "receivedMessages": [ # Received Pub/Sub messages. The Pub/Sub system will return zero messages if there are no more available in the backlog. The Pub/Sub system may return fewer than the maxMessages requested even if there are more messages available in the backlog.
+ { # Response for the `Pull` method.
+ "receivedMessages": [ # Received Pub/Sub messages. The Pub/Sub system will return zero messages if there are no more available in the backlog. The Pub/Sub system may return fewer than the `maxMessages` requested even if there are more messages available in the backlog.
{ # A message and its corresponding acknowledgment ID.
"ackId": "A String", # This ID can be used to acknowledge the received message.
- "message": { # A message data and its attributes. # The message.
+ "message": { # A message data and its attributes. The message payload must not be empty; it must contain either a non-empty data field, or at least one attribute. # The message.
"attributes": { # Optional attributes for this message.
"a_key": "A String",
},
- "data": "A String", # The message payload. For JSON requests, the value of this field must be base64-encoded.
- "messageId": "A String", # ID of this message assigned by the server at publication time. Guaranteed to be unique within the topic. This value may be read by a subscriber that receives a PubsubMessage via a Pull call or a push delivery. It must not be populated by a publisher in a Publish call.
+ "data": "A String", # The message payload. For JSON requests, the value of this field must be [base64-encoded](https://tools.ietf.org/html/rfc4648).
+ "publishTime": "A String", # The time at which the message was published, populated by the server when it receives the `Publish` call. It must not be populated by the publisher in a `Publish` call.
+ "messageId": "A String", # ID of this message, assigned by the server when the message is published. Guaranteed to be unique within the topic. This value may be read by a subscriber that receives a `PubsubMessage` via a `Pull` call or a push delivery. It must not be populated by the publisher in a `Publish` call.
},
},
],
@@ -415,61 +377,22 @@
<pre>Sets the access control policy on the specified resource. Replaces any existing policy.
Args:
- resource: string, REQUIRED: The resource for which policy is being specified. Usually some path like projects/{project}/zones/{zone}/disks/{disk}. (required)
+ resource: string, REQUIRED: The resource for which the policy is being specified. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # # Overview The `Policy` defines an access control policy language. It can be used to define policies that can be attached to resources like files, folders, VMs, etc. # Policy structure A `Policy` consists of a list of bindings. A `Binding` binds a set of members to a role, where the members can include user accounts, user groups, user domains, and service accounts. A role is a named set of permissions, defined by the IAM system. The definition of a role is outside the policy. A permission check involves determining the roles that include the specified permission, and then determining if the principal specified by the check is a member of a binding to at least one of these roles. The membership check is recursive when a group is bound to a role. Policy examples: ``` { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group::admins@example.com", "domain:google.com", "serviceAccount:frontend@example.iam.gserviceaccounts.com"] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } ``` # REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them.
- "rules": [
- { # A rule to be applied in a Policy.
- "notIn": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is not in this set of entries. The formation for in and not_in entries is the same as members in a Binding above.
- "A String",
- ],
- "description": "A String", # Human-readable description of the rule.
- "in": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in this set of entries.
- "A String",
- ],
- "action": "A String", # Required
- "conditions": [ # Additional restrictions that must be met
- { # A condition to be met.
- "iam": "A String", # Trusted attributes supplied by the IAM system.
- "svc": "A String", # Trusted attributes discharged by the service.
- "value": "A String", # The object of the condition. Exactly one of these must be set.
- "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
- "A String",
- ],
- "op": "A String", # An operator to apply the subject with.
- },
- ],
- "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action.
- { # Specifies what kind of log the caller must write Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. At present only "iam_principal", corresponding to IAMContext.principal, is supported. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.principal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anything other than 1
- "counter": { # Options for counters # Counter options.
- "field": "A String", # The field value to attribute.
- "metric": "A String", # The metric to update.
- },
- "dataAccess": { # Write a Data Access (Gin) log # Data access options.
- },
- "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
- },
- },
- ],
- "permissions": [ # A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
+ "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "bindings": [ # Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
},
],
- "bindings": [ # It is an error to specify multiple bindings for the same role. It is an error to specify a binding with no members.
- { # Associates members of various types with roles. See below for details of the various objects that can be included as members.
- "role": "A String", # The name of the role to which the members should be bound. Examples: "roles/viewer", "roles/editor", "roles/owner". Required
- "members": [ # Format of member entries: 1. allUsers Matches any requesting principal (users, service accounts or anonymous). 2. allAuthenticatedUsers Matches any requesting authenticated principal (users or service accounts). 3. user:{emailid} A google user account using an email address. For example alice@gmail.com, joe@example.com 4. serviceAccount:{emailid} An service account email. 5. group:{emailid} A google group with an email address. For example auth-ti-cloud@google.com 6. domain:{domain} A Google Apps domain name. For example google.com, example.com
- "A String",
- ],
- },
- ],
- "version": 42, # The policy language version. The version of the policy itself is represented by the etag. The current version is 0.
- "etag": "A String", # Can be used to perform a read-modify-write.
+ "version": 42, # Version of the `Policy`. The default version is 0.
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
},
}
@@ -478,56 +401,17 @@
Returns:
An object of the form:
- { # # Overview The `Policy` defines an access control policy language. It can be used to define policies that can be attached to resources like files, folders, VMs, etc. # Policy structure A `Policy` consists of a list of bindings. A `Binding` binds a set of members to a role, where the members can include user accounts, user groups, user domains, and service accounts. A role is a named set of permissions, defined by the IAM system. The definition of a role is outside the policy. A permission check involves determining the roles that include the specified permission, and then determining if the principal specified by the check is a member of a binding to at least one of these roles. The membership check is recursive when a group is bound to a role. Policy examples: ``` { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group::admins@example.com", "domain:google.com", "serviceAccount:frontend@example.iam.gserviceaccounts.com"] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } ```
- "rules": [
- { # A rule to be applied in a Policy.
- "notIn": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is not in this set of entries. The formation for in and not_in entries is the same as members in a Binding above.
- "A String",
- ],
- "description": "A String", # Human-readable description of the rule.
- "in": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in this set of entries.
- "A String",
- ],
- "action": "A String", # Required
- "conditions": [ # Additional restrictions that must be met
- { # A condition to be met.
- "iam": "A String", # Trusted attributes supplied by the IAM system.
- "svc": "A String", # Trusted attributes discharged by the service.
- "value": "A String", # The object of the condition. Exactly one of these must be set.
- "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
- "A String",
- ],
- "op": "A String", # An operator to apply the subject with.
- },
- ],
- "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action.
- { # Specifies what kind of log the caller must write Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. At present only "iam_principal", corresponding to IAMContext.principal, is supported. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.principal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anything other than 1
- "counter": { # Options for counters # Counter options.
- "field": "A String", # The field value to attribute.
- "metric": "A String", # The metric to update.
- },
- "dataAccess": { # Write a Data Access (Gin) log # Data access options.
- },
- "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
- },
- },
- ],
- "permissions": [ # A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
+ { # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
},
],
- "bindings": [ # It is an error to specify multiple bindings for the same role. It is an error to specify a binding with no members.
- { # Associates members of various types with roles. See below for details of the various objects that can be included as members.
- "role": "A String", # The name of the role to which the members should be bound. Examples: "roles/viewer", "roles/editor", "roles/owner". Required
- "members": [ # Format of member entries: 1. allUsers Matches any requesting principal (users, service accounts or anonymous). 2. allAuthenticatedUsers Matches any requesting authenticated principal (users or service accounts). 3. user:{emailid} A google user account using an email address. For example alice@gmail.com, joe@example.com 4. serviceAccount:{emailid} An service account email. 5. group:{emailid} A google group with an email address. For example auth-ti-cloud@google.com 6. domain:{domain} A Google Apps domain name. For example google.com, example.com
- "A String",
- ],
- },
- ],
- "version": 42, # The policy language version. The version of the policy itself is represented by the etag. The current version is 0.
- "etag": "A String", # Can be used to perform a read-modify-write.
+ "version": 42, # Version of the `Policy`. The default version is 0.
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
}</pre>
</div>
@@ -536,12 +420,12 @@
<pre>Returns permissions that a caller has on the specified resource.
Args:
- resource: string, REQUIRED: The resource for which policy detail is being requested. Usually some path like projects/{project}. (required)
+ resource: string, REQUIRED: The resource for which the policy detail is being requested. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for `TestIamPermissions` method.
- "permissions": [ # The set of permissions to check for the 'resource'. Permissions with wildcards (such as '*' or 'storage.*') are not allowed.
+ "permissions": [ # The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
"A String",
],
}