Refresh all docs (#298)
Change the discovery query to fetch all discovery docs, not just the
preferred ones.
diff --git a/docs/dyn/pubsub_v1beta2.projects.topics.html b/docs/dyn/pubsub_v1beta2.projects.topics.html
index f6d3b5b..ace8c6b 100644
--- a/docs/dyn/pubsub_v1beta2.projects.topics.html
+++ b/docs/dyn/pubsub_v1beta2.projects.topics.html
@@ -84,13 +84,13 @@
<p class="firstline">Creates the given topic with the given name.</p>
<p class="toc_element">
<code><a href="#delete">delete(topic, x__xgafv=None)</a></code></p>
-<p class="firstline">Deletes the topic with the given name. Returns NOT_FOUND if the topic does not exist. After a topic is deleted, a new topic may be created with the same name; this is an entirely new topic with none of the old configuration or subscriptions. Existing subscriptions to this topic are not deleted.</p>
+<p class="firstline">Deletes the topic with the given name. Returns `NOT_FOUND` if the topic does not exist. After a topic is deleted, a new topic may be created with the same name; this is an entirely new topic with none of the old configuration or subscriptions. Existing subscriptions to this topic are not deleted, but their `topic` field is set to `_deleted-topic_`.</p>
<p class="toc_element">
<code><a href="#get">get(topic, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the configuration of a topic.</p>
<p class="toc_element">
<code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
-<p class="firstline">Gets the access control policy for a resource. May be empty if no such policy or resource exists.</p>
+<p class="firstline">Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.</p>
<p class="toc_element">
<code><a href="#list">list(project, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists matching topics.</p>
@@ -99,7 +99,7 @@
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
<code><a href="#publish">publish(topic, body, x__xgafv=None)</a></code></p>
-<p class="firstline">Adds one or more messages to the topic. Returns NOT_FOUND if the topic does not exist.</p>
+<p class="firstline">Adds one or more messages to the topic. Returns `NOT_FOUND` if the topic does not exist. The message payload must not be empty; it must contain either a non-empty data field, or at least one attribute.</p>
<p class="toc_element">
<code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified resource. Replaces any existing policy.</p>
@@ -112,12 +112,12 @@
<pre>Creates the given topic with the given name.
Args:
- name: string, The name of the topic. It must have the format "projects/{project}/topics/{topic}" for Google Cloud Pub/Sub API v1beta2. {topic} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog". (required)
+ name: string, The name of the topic. It must have the format `"projects/{project}/topics/{topic}"`. `{topic}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # A topic resource.
- "name": "A String", # The name of the topic. It must have the format "projects/{project}/topics/{topic}" for Google Cloud Pub/Sub API v1beta2. {topic} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the topic. It must have the format `"projects/{project}/topics/{topic}"`. `{topic}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
}
x__xgafv: string, V1 error format.
@@ -126,13 +126,13 @@
An object of the form:
{ # A topic resource.
- "name": "A String", # The name of the topic. It must have the format "projects/{project}/topics/{topic}" for Google Cloud Pub/Sub API v1beta2. {topic} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the topic. It must have the format `"projects/{project}/topics/{topic}"`. `{topic}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
}</pre>
</div>
<div class="method">
<code class="details" id="delete">delete(topic, x__xgafv=None)</code>
- <pre>Deletes the topic with the given name. Returns NOT_FOUND if the topic does not exist. After a topic is deleted, a new topic may be created with the same name; this is an entirely new topic with none of the old configuration or subscriptions. Existing subscriptions to this topic are not deleted.
+ <pre>Deletes the topic with the given name. Returns `NOT_FOUND` if the topic does not exist. After a topic is deleted, a new topic may be created with the same name; this is an entirely new topic with none of the old configuration or subscriptions. Existing subscriptions to this topic are not deleted, but their `topic` field is set to `_deleted-topic_`.
Args:
topic: string, Name of the topic to delete. (required)
@@ -141,7 +141,7 @@
Returns:
An object of the form:
- { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
}</pre>
</div>
@@ -157,71 +157,32 @@
An object of the form:
{ # A topic resource.
- "name": "A String", # The name of the topic. It must have the format "projects/{project}/topics/{topic}" for Google Cloud Pub/Sub API v1beta2. {topic} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the topic. It must have the format `"projects/{project}/topics/{topic}"`. `{topic}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
}</pre>
</div>
<div class="method">
<code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
- <pre>Gets the access control policy for a resource. May be empty if no such policy or resource exists.
+ <pre>Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Args:
- resource: string, REQUIRED: The resource for which policy is being requested. Usually some path like projects/{project}. (required)
+ resource: string, REQUIRED: The resource for which the policy is being requested. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`. (required)
x__xgafv: string, V1 error format.
Returns:
An object of the form:
- { # # Overview The `Policy` defines an access control policy language. It can be used to define policies that can be attached to resources like files, folders, VMs, etc. # Policy structure A `Policy` consists of a list of bindings. A `Binding` binds a set of members to a role, where the members can include user accounts, user groups, user domains, and service accounts. A role is a named set of permissions, defined by the IAM system. The definition of a role is outside the policy. A permission check involves determining the roles that include the specified permission, and then determining if the principal specified by the check is a member of a binding to at least one of these roles. The membership check is recursive when a group is bound to a role. Policy examples: ``` { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group::admins@example.com", "domain:google.com", "serviceAccount:frontend@example.iam.gserviceaccounts.com"] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } ```
- "rules": [
- { # A rule to be applied in a Policy.
- "notIn": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is not in this set of entries. The formation for in and not_in entries is the same as members in a Binding above.
- "A String",
- ],
- "description": "A String", # Human-readable description of the rule.
- "in": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in this set of entries.
- "A String",
- ],
- "action": "A String", # Required
- "conditions": [ # Additional restrictions that must be met
- { # A condition to be met.
- "iam": "A String", # Trusted attributes supplied by the IAM system.
- "svc": "A String", # Trusted attributes discharged by the service.
- "value": "A String", # The object of the condition. Exactly one of these must be set.
- "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
- "A String",
- ],
- "op": "A String", # An operator to apply the subject with.
- },
- ],
- "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action.
- { # Specifies what kind of log the caller must write Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. At present only "iam_principal", corresponding to IAMContext.principal, is supported. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.principal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anything other than 1
- "counter": { # Options for counters # Counter options.
- "field": "A String", # The field value to attribute.
- "metric": "A String", # The metric to update.
- },
- "dataAccess": { # Write a Data Access (Gin) log # Data access options.
- },
- "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
- },
- },
- ],
- "permissions": [ # A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
+ { # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
},
],
- "bindings": [ # It is an error to specify multiple bindings for the same role. It is an error to specify a binding with no members.
- { # Associates members of various types with roles. See below for details of the various objects that can be included as members.
- "role": "A String", # The name of the role to which the members should be bound. Examples: "roles/viewer", "roles/editor", "roles/owner". Required
- "members": [ # Format of member entries: 1. allUsers Matches any requesting principal (users, service accounts or anonymous). 2. allAuthenticatedUsers Matches any requesting authenticated principal (users or service accounts). 3. user:{emailid} A google user account using an email address. For example alice@gmail.com, joe@example.com 4. serviceAccount:{emailid} An service account email. 5. group:{emailid} A google group with an email address. For example auth-ti-cloud@google.com 6. domain:{domain} A Google Apps domain name. For example google.com, example.com
- "A String",
- ],
- },
- ],
- "version": 42, # The policy language version. The version of the policy itself is represented by the etag. The current version is 0.
- "etag": "A String", # Can be used to perform a read-modify-write.
+ "version": 42, # Version of the `Policy`. The default version is 0.
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
}</pre>
</div>
@@ -232,17 +193,17 @@
Args:
project: string, The name of the cloud project that topics belong to. (required)
pageSize: integer, Maximum number of topics to return.
- pageToken: string, The value returned by the last ListTopicsResponse; indicates that this is a continuation of a prior ListTopics call, and that the system should return the next page of data.
+ pageToken: string, The value returned by the last `ListTopicsResponse`; indicates that this is a continuation of a prior `ListTopics` call, and that the system should return the next page of data.
x__xgafv: string, V1 error format.
Returns:
An object of the form:
- { # Response for the ListTopics method.
- "nextPageToken": "A String", # If not empty, indicates that there may be more topics that match the request; this value should be passed in a new ListTopicsRequest.
+ { # Response for the `ListTopics` method.
+ "nextPageToken": "A String", # If not empty, indicates that there may be more topics that match the request; this value should be passed in a new `ListTopicsRequest`.
"topics": [ # The resulting topics.
{ # A topic resource.
- "name": "A String", # The name of the topic. It must have the format "projects/{project}/topics/{topic}" for Google Cloud Pub/Sub API v1beta2. {topic} must start with a letter, and contain only letters ([A-Za-z]), numbers ([0-9], dashes (-), underscores (_), periods (.), tildes (~), plus (+) or percent signs (%). It must be between 3 and 255 characters in length, and it must not start with "goog".
+ "name": "A String", # The name of the topic. It must have the format `"projects/{project}/topics/{topic}"`. `{topic}` must start with a letter, and contain only letters (`[A-Za-z]`), numbers (`[0-9]`), dashes (`-`), underscores (`_`), periods (`.`), tildes (`~`), plus (`+`) or percent signs (`%`). It must be between 3 and 255 characters in length, and it must not start with `"goog"`.
},
],
}</pre>
@@ -264,7 +225,7 @@
<div class="method">
<code class="details" id="publish">publish(topic, body, x__xgafv=None)</code>
- <pre>Adds one or more messages to the topic. Returns NOT_FOUND if the topic does not exist.
+ <pre>Adds one or more messages to the topic. Returns `NOT_FOUND` if the topic does not exist. The message payload must not be empty; it must contain either a non-empty data field, or at least one attribute.
Args:
topic: string, The messages in the request will be published on this topic. (required)
@@ -273,12 +234,13 @@
{ # Request for the Publish method.
"messages": [ # The messages to publish.
- { # A message data and its attributes.
+ { # A message data and its attributes. The message payload must not be empty; it must contain either a non-empty data field, or at least one attribute.
"attributes": { # Optional attributes for this message.
"a_key": "A String",
},
- "data": "A String", # The message payload. For JSON requests, the value of this field must be base64-encoded.
- "messageId": "A String", # ID of this message assigned by the server at publication time. Guaranteed to be unique within the topic. This value may be read by a subscriber that receives a PubsubMessage via a Pull call or a push delivery. It must not be populated by a publisher in a Publish call.
+ "data": "A String", # The message payload. For JSON requests, the value of this field must be [base64-encoded](https://tools.ietf.org/html/rfc4648).
+ "publishTime": "A String", # The time at which the message was published, populated by the server when it receives the `Publish` call. It must not be populated by the publisher in a `Publish` call.
+ "messageId": "A String", # ID of this message, assigned by the server when the message is published. Guaranteed to be unique within the topic. This value may be read by a subscriber that receives a `PubsubMessage` via a `Pull` call or a push delivery. It must not be populated by the publisher in a `Publish` call.
},
],
}
@@ -288,7 +250,7 @@
Returns:
An object of the form:
- { # Response for the Publish method.
+ { # Response for the `Publish` method.
"messageIds": [ # The server-assigned ID of each published message, in the same order as the messages in the request. IDs are guaranteed to be unique within the topic.
"A String",
],
@@ -300,61 +262,22 @@
<pre>Sets the access control policy on the specified resource. Replaces any existing policy.
Args:
- resource: string, REQUIRED: The resource for which policy is being specified. Usually some path like projects/{project}/zones/{zone}/disks/{disk}. (required)
+ resource: string, REQUIRED: The resource for which the policy is being specified. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # # Overview The `Policy` defines an access control policy language. It can be used to define policies that can be attached to resources like files, folders, VMs, etc. # Policy structure A `Policy` consists of a list of bindings. A `Binding` binds a set of members to a role, where the members can include user accounts, user groups, user domains, and service accounts. A role is a named set of permissions, defined by the IAM system. The definition of a role is outside the policy. A permission check involves determining the roles that include the specified permission, and then determining if the principal specified by the check is a member of a binding to at least one of these roles. The membership check is recursive when a group is bound to a role. Policy examples: ``` { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group::admins@example.com", "domain:google.com", "serviceAccount:frontend@example.iam.gserviceaccounts.com"] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } ``` # REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them.
- "rules": [
- { # A rule to be applied in a Policy.
- "notIn": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is not in this set of entries. The formation for in and not_in entries is the same as members in a Binding above.
- "A String",
- ],
- "description": "A String", # Human-readable description of the rule.
- "in": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in this set of entries.
- "A String",
- ],
- "action": "A String", # Required
- "conditions": [ # Additional restrictions that must be met
- { # A condition to be met.
- "iam": "A String", # Trusted attributes supplied by the IAM system.
- "svc": "A String", # Trusted attributes discharged by the service.
- "value": "A String", # The object of the condition. Exactly one of these must be set.
- "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
- "A String",
- ],
- "op": "A String", # An operator to apply the subject with.
- },
- ],
- "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action.
- { # Specifies what kind of log the caller must write Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. At present only "iam_principal", corresponding to IAMContext.principal, is supported. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.principal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anything other than 1
- "counter": { # Options for counters # Counter options.
- "field": "A String", # The field value to attribute.
- "metric": "A String", # The metric to update.
- },
- "dataAccess": { # Write a Data Access (Gin) log # Data access options.
- },
- "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
- },
- },
- ],
- "permissions": [ # A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
+ "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "bindings": [ # Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
},
],
- "bindings": [ # It is an error to specify multiple bindings for the same role. It is an error to specify a binding with no members.
- { # Associates members of various types with roles. See below for details of the various objects that can be included as members.
- "role": "A String", # The name of the role to which the members should be bound. Examples: "roles/viewer", "roles/editor", "roles/owner". Required
- "members": [ # Format of member entries: 1. allUsers Matches any requesting principal (users, service accounts or anonymous). 2. allAuthenticatedUsers Matches any requesting authenticated principal (users or service accounts). 3. user:{emailid} A google user account using an email address. For example alice@gmail.com, joe@example.com 4. serviceAccount:{emailid} An service account email. 5. group:{emailid} A google group with an email address. For example auth-ti-cloud@google.com 6. domain:{domain} A Google Apps domain name. For example google.com, example.com
- "A String",
- ],
- },
- ],
- "version": 42, # The policy language version. The version of the policy itself is represented by the etag. The current version is 0.
- "etag": "A String", # Can be used to perform a read-modify-write.
+ "version": 42, # Version of the `Policy`. The default version is 0.
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
},
}
@@ -363,56 +286,17 @@
Returns:
An object of the form:
- { # # Overview The `Policy` defines an access control policy language. It can be used to define policies that can be attached to resources like files, folders, VMs, etc. # Policy structure A `Policy` consists of a list of bindings. A `Binding` binds a set of members to a role, where the members can include user accounts, user groups, user domains, and service accounts. A role is a named set of permissions, defined by the IAM system. The definition of a role is outside the policy. A permission check involves determining the roles that include the specified permission, and then determining if the principal specified by the check is a member of a binding to at least one of these roles. The membership check is recursive when a group is bound to a role. Policy examples: ``` { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group::admins@example.com", "domain:google.com", "serviceAccount:frontend@example.iam.gserviceaccounts.com"] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } ```
- "rules": [
- { # A rule to be applied in a Policy.
- "notIn": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is not in this set of entries. The formation for in and not_in entries is the same as members in a Binding above.
- "A String",
- ],
- "description": "A String", # Human-readable description of the rule.
- "in": [ # The rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in this set of entries.
- "A String",
- ],
- "action": "A String", # Required
- "conditions": [ # Additional restrictions that must be met
- { # A condition to be met.
- "iam": "A String", # Trusted attributes supplied by the IAM system.
- "svc": "A String", # Trusted attributes discharged by the service.
- "value": "A String", # The object of the condition. Exactly one of these must be set.
- "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses the IAM system for access control.
- "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
- "A String",
- ],
- "op": "A String", # An operator to apply the subject with.
- },
- ],
- "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action.
- { # Specifies what kind of log the caller must write Increment a streamz counter with the specified metric and field names. Metric names should start with a '/', generally be lowercase-only, and end in "_count". Field names should not contain an initial slash. The actual exported metric names will have "/iam/policy" prepended. Field names correspond to IAM request parameters and field values are their respective values. At present only "iam_principal", corresponding to IAMContext.principal, is supported. Examples: counter { metric: "/debug_access_count" field: "iam_principal" } ==> increment counter /iam/policy/backend_debug_access_count {iam_principal=[value of IAMContext.principal]} At this time we do not support: * multiple field names (though this may be supported in the future) * decrementing the counter * incrementing it by anything other than 1
- "counter": { # Options for counters # Counter options.
- "field": "A String", # The field value to attribute.
- "metric": "A String", # The metric to update.
- },
- "dataAccess": { # Write a Data Access (Gin) log # Data access options.
- },
- "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
- },
- },
- ],
- "permissions": [ # A permission is a string of form '..' (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
+ { # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A `Policy` consists of a list of `bindings`. A `Binding` binds a list of `members` to a `role`, where the members can be user accounts, Google groups, Google domains, and service accounts. A `role` is a named list of permissions defined by IAM. **Example** { "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com", ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] } For a description of IAM and its features, see the [IAM developer's guide](https://cloud.google.com/iam).
+ "bindings": [ # Associates a list of `members` to a `role`. Multiple `bindings` must not be specified for the same `role`. `bindings` with no members will result in an error.
+ { # Associates `members` with a `role`.
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@gmail.com` or `joe@example.com`. * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: A Google Apps domain name that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
},
],
- "bindings": [ # It is an error to specify multiple bindings for the same role. It is an error to specify a binding with no members.
- { # Associates members of various types with roles. See below for details of the various objects that can be included as members.
- "role": "A String", # The name of the role to which the members should be bound. Examples: "roles/viewer", "roles/editor", "roles/owner". Required
- "members": [ # Format of member entries: 1. allUsers Matches any requesting principal (users, service accounts or anonymous). 2. allAuthenticatedUsers Matches any requesting authenticated principal (users or service accounts). 3. user:{emailid} A google user account using an email address. For example alice@gmail.com, joe@example.com 4. serviceAccount:{emailid} An service account email. 5. group:{emailid} A google group with an email address. For example auth-ti-cloud@google.com 6. domain:{domain} A Google Apps domain name. For example google.com, example.com
- "A String",
- ],
- },
- ],
- "version": 42, # The policy language version. The version of the policy itself is represented by the etag. The current version is 0.
- "etag": "A String", # Can be used to perform a read-modify-write.
+ "version": 42, # Version of the `Policy`. The default version is 0.
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is overwritten blindly.
}</pre>
</div>
@@ -421,12 +305,12 @@
<pre>Returns permissions that a caller has on the specified resource.
Args:
- resource: string, REQUIRED: The resource for which policy detail is being requested. Usually some path like projects/{project}. (required)
+ resource: string, REQUIRED: The resource for which the policy detail is being requested. `resource` is usually specified as a path. For example, a Project resource is specified as `projects/{project}`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for `TestIamPermissions` method.
- "permissions": [ # The set of permissions to check for the 'resource'. Permissions with wildcards (such as '*' or 'storage.*') are not allowed.
+ "permissions": [ # The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
"A String",
],
}