chore: Update discovery artifacts (#1572)
## Discovery Artifact Change Summary:
feat(androidpublisher): update the api https://github.com/googleapis/google-api-python-client/commit/cdbabdfbdaeed465b667852cef415fdfa7d1024a
feat(firebase): update the api https://github.com/googleapis/google-api-python-client/commit/dcab2830e6a0cf09999149e0d0d84d3a8f3d26aa
feat(localservices): update the api https://github.com/googleapis/google-api-python-client/commit/24da1cc0aff78ef70988e6287e5e55fee20ba8ee
feat(networkmanagement): update the api https://github.com/googleapis/google-api-python-client/commit/d0e5a726e9cb4098527bd60fe6818b7c307a865b
feat(realtimebidding): update the api https://github.com/googleapis/google-api-python-client/commit/716ded31624c382be7ecf55ec2de87560b7592ef
feat(retail): update the api https://github.com/googleapis/google-api-python-client/commit/2aa456adabc7c81cea0061d8538473e3b8980d66
diff --git a/docs/dyn/admin_directory_v1.orgunits.html b/docs/dyn/admin_directory_v1.orgunits.html
index 623cf5f..94a7de9 100644
--- a/docs/dyn/admin_directory_v1.orgunits.html
+++ b/docs/dyn/admin_directory_v1.orgunits.html
@@ -130,7 +130,7 @@
Returns:
An object of the form:
- { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+ { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -152,7 +152,7 @@
body: object, The request body.
The object takes the form of:
-{ # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+{ # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -172,7 +172,7 @@
Returns:
An object of the form:
- { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+ { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -208,7 +208,7 @@
"etag": "A String", # ETag of the resource.
"kind": "admin#directory#orgUnits", # The type of the API resource. For Org Unit resources, the type is `admin#directory#orgUnits`.
"organizationUnits": [ # List of organizational unit objects.
- { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+ { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -233,7 +233,7 @@
body: object, The request body.
The object takes the form of:
-{ # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+{ # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -253,7 +253,7 @@
Returns:
An object of the form:
- { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+ { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -276,7 +276,7 @@
body: object, The request body.
The object takes the form of:
-{ # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+{ # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
@@ -296,7 +296,7 @@
Returns:
An object of the form:
- { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html).
+ { # Managing your account's organizational units allows you to configure your users' access to services and custom settings. For more information about common organizational unit tasks, see the [Developer's Guide](/admin-sdk/directory/v1/guides/manage-org-units.html). The customer's organizational unit hierarchy is limited to 35 levels of depth.
"blockInheritance": True or False, # Determines if a sub-organizational unit can inherit the settings of the parent organization. The default value is `false`, meaning a sub-organizational unit inherits the settings of the nearest parent organizational unit. For more information on inheritance and users in an organization structure, see the [administration help center](https://support.google.com/a/answer/4352075).
"description": "A String", # Description of the organizational unit.
"etag": "A String", # ETag of the resource.
diff --git a/docs/dyn/androidpublisher_v3.grants.html b/docs/dyn/androidpublisher_v3.grants.html
new file mode 100644
index 0000000..4471e94
--- /dev/null
+++ b/docs/dyn/androidpublisher_v3.grants.html
@@ -0,0 +1,177 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="androidpublisher_v3.html">Google Play Android Developer API</a> . <a href="androidpublisher_v3.grants.html">grants</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Grant access for a user to the given package.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Removes all access for the user to the given package or developer account.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates access for the user to the given package.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
+ <pre>Grant access for a user to the given package.
+
+Args:
+ parent: string, Required. The user which needs permission. Format: developers/{developer}/users/{user} (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Removes all access for the user to the given package or developer account.
+
+Args:
+ name: string, Required. The name of the grant to delete. Format: developers/{developer}/users/{email}/grants/{package_name} (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates access for the user to the given package.
+
+Args:
+ name: string, Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}". (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+}
+
+ updateMask: string, Optional. The list of fields to be updated.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/androidpublisher_v3.html b/docs/dyn/androidpublisher_v3.html
index d0451f9..298fe1d 100644
--- a/docs/dyn/androidpublisher_v3.html
+++ b/docs/dyn/androidpublisher_v3.html
@@ -80,6 +80,11 @@
<p class="firstline">Returns the edits Resource.</p>
<p class="toc_element">
+ <code><a href="androidpublisher_v3.grants.html">grants()</a></code>
+</p>
+<p class="firstline">Returns the grants Resource.</p>
+
+<p class="toc_element">
<code><a href="androidpublisher_v3.inappproducts.html">inappproducts()</a></code>
</p>
<p class="firstline">Returns the inappproducts Resource.</p>
@@ -115,6 +120,11 @@
<p class="firstline">Returns the systemapks Resource.</p>
<p class="toc_element">
+ <code><a href="androidpublisher_v3.users.html">users()</a></code>
+</p>
+<p class="firstline">Returns the users Resource.</p>
+
+<p class="toc_element">
<code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
diff --git a/docs/dyn/androidpublisher_v3.users.html b/docs/dyn/androidpublisher_v3.users.html
new file mode 100644
index 0000000..b697bea
--- /dev/null
+++ b/docs/dyn/androidpublisher_v3.users.html
@@ -0,0 +1,287 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="androidpublisher_v3.html">Google Play Android Developer API</a> . <a href="androidpublisher_v3.users.html">users</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Grant access for a user to the given developer account.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Removes all access for the user to the given developer account.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists all users with access to a developer account.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates access for the user to the developer account.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
+ <pre>Grant access for a user to the given developer account.
+
+Args:
+ parent: string, Required. The developer account to add the user to. Format: developers/{developer} (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # A user resource.
+ "accessState": "A String", # Output only. The state of the user's access to the Play Console.
+ "developerAccountPermissions": [ # Permissions for the user which apply across the developer account.
+ "A String",
+ ],
+ "email": "A String", # Immutable. The user's email address.
+ "expirationTime": "A String", # The time at which the user's access expires, if set.
+ "grants": [ # Output only. Per-app permissions for the user.
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+ },
+ ],
+ "name": "A String", # Required. Resource name for this user, following the pattern "developers/{developer}/users/{email}".
+ "partial": True or False, # Output only. Whether there are more permissions for the user that are not represented here.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A user resource.
+ "accessState": "A String", # Output only. The state of the user's access to the Play Console.
+ "developerAccountPermissions": [ # Permissions for the user which apply across the developer account.
+ "A String",
+ ],
+ "email": "A String", # Immutable. The user's email address.
+ "expirationTime": "A String", # The time at which the user's access expires, if set.
+ "grants": [ # Output only. Per-app permissions for the user.
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+ },
+ ],
+ "name": "A String", # Required. Resource name for this user, following the pattern "developers/{developer}/users/{email}".
+ "partial": True or False, # Output only. Whether there are more permissions for the user that are not represented here.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Removes all access for the user to the given developer account.
+
+Args:
+ name: string, Required. The name of the user to delete. Format: developers/{developer}/users/{email} (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists all users with access to a developer account.
+
+Args:
+ parent: string, Required. The developer account to fetch users from. Format: developers/{developer} (required)
+ pageSize: integer, The maximum number of results to return. This must be set to -1 to disable pagination.
+ pageToken: string, A token received from a previous call to this method, in order to retrieve further results.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A response containing one or more users with access to an account.
+ "nextPageToken": "A String", # A token to pass to subsequent calls in order to retrieve subsequent results. This will not be set if there are no more results to return.
+ "users": [ # The resulting users.
+ { # A user resource.
+ "accessState": "A String", # Output only. The state of the user's access to the Play Console.
+ "developerAccountPermissions": [ # Permissions for the user which apply across the developer account.
+ "A String",
+ ],
+ "email": "A String", # Immutable. The user's email address.
+ "expirationTime": "A String", # The time at which the user's access expires, if set.
+ "grants": [ # Output only. Per-app permissions for the user.
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+ },
+ ],
+ "name": "A String", # Required. Resource name for this user, following the pattern "developers/{developer}/users/{email}".
+ "partial": True or False, # Output only. Whether there are more permissions for the user that are not represented here.
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates access for the user to the developer account.
+
+Args:
+ name: string, Required. Resource name for this user, following the pattern "developers/{developer}/users/{email}". (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # A user resource.
+ "accessState": "A String", # Output only. The state of the user's access to the Play Console.
+ "developerAccountPermissions": [ # Permissions for the user which apply across the developer account.
+ "A String",
+ ],
+ "email": "A String", # Immutable. The user's email address.
+ "expirationTime": "A String", # The time at which the user's access expires, if set.
+ "grants": [ # Output only. Per-app permissions for the user.
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+ },
+ ],
+ "name": "A String", # Required. Resource name for this user, following the pattern "developers/{developer}/users/{email}".
+ "partial": True or False, # Output only. Whether there are more permissions for the user that are not represented here.
+}
+
+ updateMask: string, Optional. The list of fields to be updated.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A user resource.
+ "accessState": "A String", # Output only. The state of the user's access to the Play Console.
+ "developerAccountPermissions": [ # Permissions for the user which apply across the developer account.
+ "A String",
+ ],
+ "email": "A String", # Immutable. The user's email address.
+ "expirationTime": "A String", # The time at which the user's access expires, if set.
+ "grants": [ # Output only. Per-app permissions for the user.
+ { # An access grant resource.
+ "appLevelPermissions": [ # The permissions granted to the user for this app.
+ "A String",
+ ],
+ "name": "A String", # Required. Resource name for this grant, following the pattern "developers/{developer}/users/{email}/grants/{package_name}".
+ "packageName": "A String", # Immutable. The package name of the app.
+ },
+ ],
+ "name": "A String", # Required. Resource name for this user, following the pattern "developers/{developer}/users/{email}".
+ "partial": True or False, # Output only. Whether there are more permissions for the user that are not represented here.
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/chat_v1.spaces.messages.html b/docs/dyn/chat_v1.spaces.messages.html
index 911c994..a9eec5a 100644
--- a/docs/dyn/chat_v1.spaces.messages.html
+++ b/docs/dyn/chat_v1.spaces.messages.html
@@ -3221,7 +3221,7 @@
},
}
- updateMask: string, Required. The field paths to be updated, comma separated if there are multiple. Currently supported field paths: * text * cards
+ updateMask: string, Required. The field paths to be updated, comma separated if there are multiple. Currently supported field paths: * text * cards * gsuite_message_integration_render_data * attachment
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
diff --git a/docs/dyn/chromepolicy_v1.customers.policies.orgunits.html b/docs/dyn/chromepolicy_v1.customers.policies.orgunits.html
index d389a9f..17469c8 100644
--- a/docs/dyn/chromepolicy_v1.customers.policies.orgunits.html
+++ b/docs/dyn/chromepolicy_v1.customers.policies.orgunits.html
@@ -76,17 +76,17 @@
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="#batchInherit">batchInherit(customer, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Modify multiple policy values that are applied to a specific org unit so that they now inherit the value from a parent (if applicable). All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`. On failure the request will return the error details as part of the google.rpc.Status.</p>
+<p class="firstline">Modify multiple policy values that are applied to a specific org unit so that they now inherit the value from a parent (if applicable). All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`, though the values for those keys may be different. On failure the request will return the error details as part of the google.rpc.Status.</p>
<p class="toc_element">
<code><a href="#batchModify">batchModify(customer, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Modify multiple policy values that are applied to a specific org unit. All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`. On failure the request will return the error details as part of the google.rpc.Status.</p>
+<p class="firstline">Modify multiple policy values that are applied to a specific org unit. All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`, though the values for those keys may be different. On failure the request will return the error details as part of the google.rpc.Status.</p>
<p class="toc_element">
<code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="batchInherit">batchInherit(customer, body=None, x__xgafv=None)</code>
- <pre>Modify multiple policy values that are applied to a specific org unit so that they now inherit the value from a parent (if applicable). All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`. On failure the request will return the error details as part of the google.rpc.Status.
+ <pre>Modify multiple policy values that are applied to a specific org unit so that they now inherit the value from a parent (if applicable). All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`, though the values for those keys may be different. On failure the request will return the error details as part of the google.rpc.Status.
Args:
customer: string, ID of the G Suite account or literal "my_customer" for the customer associated to the request. (required)
@@ -121,7 +121,7 @@
<div class="method">
<code class="details" id="batchModify">batchModify(customer, body=None, x__xgafv=None)</code>
- <pre>Modify multiple policy values that are applied to a specific org unit. All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`. On failure the request will return the error details as part of the google.rpc.Status.
+ <pre>Modify multiple policy values that are applied to a specific org unit. All targets must have the same target format. That is to say that they must point to the same target resource and must have the same keys specified in `additionalTargetKeyNames`, though the values for those keys may be different. On failure the request will return the error details as part of the google.rpc.Status.
Args:
customer: string, ID of the G Suite account or literal "my_customer" for the customer associated to the request. (required)
diff --git a/docs/dyn/chromepolicy_v1.customers.policySchemas.html b/docs/dyn/chromepolicy_v1.customers.policySchemas.html
index de9a531..e009d44 100644
--- a/docs/dyn/chromepolicy_v1.customers.policySchemas.html
+++ b/docs/dyn/chromepolicy_v1.customers.policySchemas.html
@@ -201,7 +201,7 @@
},
],
"policyDescription": "A String", # Output only. Description about the policy schema for user consumption.
- "schemaName": "A String", # Output only. The full qualified name of the policy schema. This value is used to fill the field `policy_schema` in PolicyValue when calling BatchInheritOrgUnitPolicies or BatchModifyOrgUnitPolicies.
+ "schemaName": "A String", # Output only. The full qualified name of the policy schema. This value is used to fill the field `policy_schema` in PolicyValue when calling BatchInheritOrgUnitPolicies BatchModifyOrgUnitPolicies BatchModifyGroupPolicies or BatchDeleteGroupPolicies.
"supportUri": "A String", # Output only. URI to related support article for this schema.
"validTargetResources": [ # Output only. Information about applicable target resources for the policy.
"A String",
@@ -324,7 +324,7 @@
},
],
"policyDescription": "A String", # Output only. Description about the policy schema for user consumption.
- "schemaName": "A String", # Output only. The full qualified name of the policy schema. This value is used to fill the field `policy_schema` in PolicyValue when calling BatchInheritOrgUnitPolicies or BatchModifyOrgUnitPolicies.
+ "schemaName": "A String", # Output only. The full qualified name of the policy schema. This value is used to fill the field `policy_schema` in PolicyValue when calling BatchInheritOrgUnitPolicies BatchModifyOrgUnitPolicies BatchModifyGroupPolicies or BatchDeleteGroupPolicies.
"supportUri": "A String", # Output only. URI to related support article for this schema.
"validTargetResources": [ # Output only. Information about applicable target resources for the policy.
"A String",
diff --git a/docs/dyn/cloudidentity_v1beta1.groups.memberships.html b/docs/dyn/cloudidentity_v1beta1.groups.memberships.html
index 58672c6..9c3c7f0 100644
--- a/docs/dyn/cloudidentity_v1beta1.groups.memberships.html
+++ b/docs/dyn/cloudidentity_v1beta1.groups.memberships.html
@@ -566,7 +566,7 @@
An object of the form:
{ # The response message for MembershipsService.SearchTransitiveMemberships.
- "memberships": [ # List of transitive members satisfying the query.
+ "memberships": [ # List of transitive memberships satisfying the query.
{ # Message representing a transitive membership of a group.
"member": "A String", # Resource name for this member.
"preferredMemberKey": [ # Entity key has an id and a namespace. In case of discussion forums, the id will be an email address without a namespace.
@@ -575,7 +575,7 @@
"namespace": "A String", # The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`.
},
],
- "relationType": "A String", # The relation between the group and the transitive member.
+ "relationType": "A String", # The relation between the group and the transitive membership.
"roles": [ # The membership role details (i.e name of role and expiry time).
{ # Message representing the role of a TransitiveMembership.
"role": "A String", # TransitiveMembershipRole in string format. Currently supported TransitiveMembershipRoles: `"MEMBER"`, `"OWNER"`, and `"MANAGER"`.
diff --git a/docs/dyn/cloudiot_v1.projects.locations.registries.groups.html b/docs/dyn/cloudiot_v1.projects.locations.registries.groups.html
index a49461f..0249e01 100644
--- a/docs/dyn/cloudiot_v1.projects.locations.registries.groups.html
+++ b/docs/dyn/cloudiot_v1.projects.locations.registries.groups.html
@@ -120,19 +120,19 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -150,19 +150,19 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -178,19 +178,19 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/cloudiot_v1.projects.locations.registries.html b/docs/dyn/cloudiot_v1.projects.locations.registries.html
index 928ceda..e7049e7 100644
--- a/docs/dyn/cloudiot_v1.projects.locations.registries.html
+++ b/docs/dyn/cloudiot_v1.projects.locations.registries.html
@@ -337,19 +337,19 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -533,19 +533,19 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -561,19 +561,19 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/containeranalysis_v1.html b/docs/dyn/containeranalysis_v1.html
new file mode 100644
index 0000000..b74ef19
--- /dev/null
+++ b/docs/dyn/containeranalysis_v1.html
@@ -0,0 +1,116 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="containeranalysis_v1.html">Container Analysis API</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="containeranalysis_v1.operations.html">operations()</a></code>
+</p>
+<p class="firstline">Returns the operations Resource.</p>
+
+<p class="toc_element">
+ <code><a href="containeranalysis_v1.projects.html">projects()</a></code>
+</p>
+<p class="firstline">Returns the projects Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#new_batch_http_request">new_batch_http_request()</a></code></p>
+<p class="firstline">Create a BatchHttpRequest object based on the discovery document.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="new_batch_http_request">new_batch_http_request()</code>
+ <pre>Create a BatchHttpRequest object based on the discovery document.
+
+ Args:
+ callback: callable, A callback to be called for each response, of the
+ form callback(id, response, exception). The first parameter is the
+ request id, and the second is the deserialized response object. The
+ third is an apiclient.errors.HttpError exception object if an HTTP
+ error occurred while processing the request, or None if no error
+ occurred.
+
+ Returns:
+ A BatchHttpRequest object based on the discovery document.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/containeranalysis_v1.operations.html b/docs/dyn/containeranalysis_v1.operations.html
new file mode 100644
index 0000000..a779dec
--- /dev/null
+++ b/docs/dyn/containeranalysis_v1.operations.html
@@ -0,0 +1,235 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="containeranalysis_v1.html">Container Analysis API</a> . <a href="containeranalysis_v1.operations.html">operations</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.</p>
+<p class="toc_element">
+ <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
+
+Args:
+ name: string, The name of the operation resource to be cancelled. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # The request message for Operations.CancelOperation.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+
+Args:
+ name: string, The name of the operation resource to be deleted. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
+
+Args:
+ name: string, The name of the operation resource. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
+
+Args:
+ name: string, The name of the operation's parent resource. (required)
+ filter: string, The standard list filter.
+ pageSize: integer, The standard list page size.
+ pageToken: string, The standard list page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # The response message for Operations.ListOperations.
+ "nextPageToken": "A String", # The standard List next-page token.
+ "operations": [ # A list of operations that matches the specified filter in the request.
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/containeranalysis_v1.projects.html b/docs/dyn/containeranalysis_v1.projects.html
new file mode 100644
index 0000000..ca9c83e
--- /dev/null
+++ b/docs/dyn/containeranalysis_v1.projects.html
@@ -0,0 +1,96 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="containeranalysis_v1.html">Container Analysis API</a> . <a href="containeranalysis_v1.projects.html">projects</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="containeranalysis_v1.projects.notes.html">notes()</a></code>
+</p>
+<p class="firstline">Returns the notes Resource.</p>
+
+<p class="toc_element">
+ <code><a href="containeranalysis_v1.projects.occurrences.html">occurrences()</a></code>
+</p>
+<p class="firstline">Returns the occurrences Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/containeranalysis_v1.projects.notes.html b/docs/dyn/containeranalysis_v1.projects.notes.html
new file mode 100644
index 0000000..d6e3532
--- /dev/null
+++ b/docs/dyn/containeranalysis_v1.projects.notes.html
@@ -0,0 +1,1962 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="containeranalysis_v1.html">Container Analysis API</a> . <a href="containeranalysis_v1.projects.html">projects</a> . <a href="containeranalysis_v1.projects.notes.html">notes</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="containeranalysis_v1.projects.notes.occurrences.html">occurrences()</a></code>
+</p>
+<p class="firstline">Returns the occurrences Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#batchCreate">batchCreate(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates new notes in batch.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, noteId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new note.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes the specified note.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the specified note.</p>
+<p class="toc_element">
+ <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the access control policy for a note or an occurrence resource. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists notes for the specified project.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the specified note.</p>
+<p class="toc_element">
+ <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Sets the access control policy on the specified note or occurrence. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or an occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.</p>
+<p class="toc_element">
+ <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, `containeranalysis.notes.list`). The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="batchCreate">batchCreate(parent, body=None, x__xgafv=None)</code>
+ <pre>Creates new notes in batch.
+
+Args:
+ parent: string, Required. The name of the project in the form of `projects/[PROJECT_ID]`, under which the notes are to be created. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request to create notes in batch.
+ "notes": { # Required. The notes to create. Max allowed length is 1000.
+ "a_key": { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+ },
+ },
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response for creating notes in batch.
+ "notes": [ # The notes that were created.
+ { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, noteId=None, x__xgafv=None)</code>
+ <pre>Creates a new note.
+
+Args:
+ parent: string, Required. The name of the project in the form of `projects/[PROJECT_ID]`, under which the note is to be created. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+}
+
+ noteId: string, Required. The ID to use for this note.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes the specified note.
+
+Args:
+ name: string, Required. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets the specified note.
+
+Args:
+ name: string, Required. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
+ <pre>Gets the access control policy for a note or an occurrence resource. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.
+
+Args:
+ resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for `GetIamPolicy` method.
+ "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
+ "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ },
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ },
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists notes for the specified project.
+
+Args:
+ parent: string, Required. The name of the project to list notes for in the form of `projects/[PROJECT_ID]`. (required)
+ filter: string, The filter expression.
+ pageSize: integer, Number of notes to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.
+ pageToken: string, Token to provide to skip to a particular spot in the list.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response for listing notes.
+ "nextPageToken": "A String", # The next pagination token in the list response. It should be used as `page_token` for the following request. An empty value means no more results.
+ "notes": [ # The notes requested.
+ { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the specified note.
+
+Args:
+ name: string, Required. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+}
+
+ updateMask: string, The fields to update.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
+ <pre>Sets the access control policy on the specified note or occurrence. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or an occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.
+
+Args:
+ resource: string, REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for `SetIamPolicy` method.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ },
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ },
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ },
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
+ <pre>Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, `containeranalysis.notes.list`). The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.
+
+Args:
+ resource: string, REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for `TestIamPermissions` method.
+ "permissions": [ # The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+ "A String",
+ ],
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for `TestIamPermissions` method.
+ "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
+ "A String",
+ ],
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html b/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html
new file mode 100644
index 0000000..88d6685
--- /dev/null
+++ b/docs/dyn/containeranalysis_v1.projects.notes.occurrences.html
@@ -0,0 +1,526 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="containeranalysis_v1.html">Container Analysis API</a> . <a href="containeranalysis_v1.projects.html">projects</a> . <a href="containeranalysis_v1.projects.notes.html">notes</a> . <a href="containeranalysis_v1.projects.notes.occurrences.html">occurrences</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists occurrences referencing the specified note. Provider projects can use this method to get all occurrences across consumer projects referencing the specified note.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists occurrences referencing the specified note. Provider projects can use this method to get all occurrences across consumer projects referencing the specified note.
+
+Args:
+ name: string, Required. The name of the note to list occurrences for in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. (required)
+ filter: string, The filter expression.
+ pageSize: integer, Number of occurrences to return in the list.
+ pageToken: string, Token to provide to skip to a particular spot in the list.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response for listing occurrences for a note.
+ "nextPageToken": "A String", # Token to provide to skip to a particular spot in the list.
+ "occurrences": [ # The occurrences attached to the specified note.
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/containeranalysis_v1.projects.occurrences.html b/docs/dyn/containeranalysis_v1.projects.occurrences.html
new file mode 100644
index 0000000..a158fa8
--- /dev/null
+++ b/docs/dyn/containeranalysis_v1.projects.occurrences.html
@@ -0,0 +1,3801 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="containeranalysis_v1.html">Container Analysis API</a> . <a href="containeranalysis_v1.projects.html">projects</a> . <a href="containeranalysis_v1.projects.occurrences.html">occurrences</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#batchCreate">batchCreate(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates new occurrences in batch.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new occurrence.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes the specified occurrence. For example, use this method to delete an occurrence when the occurrence is no longer applicable for the given resource.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the specified occurrence.</p>
+<p class="toc_element">
+ <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the access control policy for a note or an occurrence resource. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.</p>
+<p class="toc_element">
+ <code><a href="#getNotes">getNotes(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the note attached to the specified occurrence. Consumer projects can use this method to get a note that belongs to a provider project.</p>
+<p class="toc_element">
+ <code><a href="#getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets a summary of the number and severity of occurrences.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists occurrences for the specified project.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the specified occurrence.</p>
+<p class="toc_element">
+ <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Sets the access control policy on the specified note or occurrence. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or an occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.</p>
+<p class="toc_element">
+ <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, `containeranalysis.notes.list`). The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="batchCreate">batchCreate(parent, body=None, x__xgafv=None)</code>
+ <pre>Creates new occurrences in batch.
+
+Args:
+ parent: string, Required. The name of the project in the form of `projects/[PROJECT_ID]`, under which the occurrences are to be created. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request to create occurrences in batch.
+ "occurrences": [ # Required. The occurrences to create. Max allowed length is 1000.
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+ },
+ ],
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response for creating occurrences in batch.
+ "occurrences": [ # The occurrences that were created.
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
+ <pre>Creates a new occurrence.
+
+Args:
+ parent: string, Required. The name of the project in the form of `projects/[PROJECT_ID]`, under which the occurrence is to be created. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes the specified occurrence. For example, use this method to delete an occurrence when the occurrence is no longer applicable for the given resource.
+
+Args:
+ name: string, Required. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets the specified occurrence.
+
+Args:
+ name: string, Required. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
+ <pre>Gets the access control policy for a note or an occurrence resource. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.
+
+Args:
+ resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for `GetIamPolicy` method.
+ "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
+ "requestedPolicyVersion": 42, # Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ },
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ },
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="getNotes">getNotes(name, x__xgafv=None)</code>
+ <pre>Gets the note attached to the specified occurrence. Consumer projects can use this method to get a note that belongs to a provider project.
+
+Args:
+ name: string, Required. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A type of analysis that can be done for a resource.
+ "attestation": { # Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project. # A note describing an attestation role.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # Hint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "qa".
+ },
+ },
+ "build": { # Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence. # A note describing build provenance for a verifiable build.
+ "builderVersion": "A String", # Required. Immutable. Version of the builder which produced this build.
+ },
+ "compliance": { # A note describing a compliance check.
+ "cisBenchmark": { # A compliance check that is a CIS benchmark.
+ "profileLevel": 42,
+ "severity": "A String",
+ },
+ "description": "A String", # A description about this compliance check.
+ "rationale": "A String", # A rationale for the existence of this compliance check.
+ "remediation": "A String", # A description of remediation steps if the compliance check fails.
+ "scanInstructions": "A String", # Serialized scan instructions with a predefined format.
+ "title": "A String", # The title that identifies this compliance check.
+ "version": [ # The OS and config versions the benchmark applies to.
+ { # Describes the CIS benchmark version that is applicable to a given OS and os version.
+ "cpeUri": "A String", # The CPE URI (https://cpe.mitre.org/specification/) this benchmark is applicable to.
+ "version": "A String", # The version of the benchmark. This is set to the version of the OS-specific CIS document the benchmark is defined in.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this note was created. This field can be used as a filter in list requests.
+ "deployment": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
+ "resourceUri": [ # Required. Resource URI for the artifact being deployed.
+ "A String",
+ ],
+ },
+ "discovery": { # A note that indicates a type of analysis a provider would perform. This note exists in a provider's project. A `Discovery` occurrence is created in a consumer's project at the start of analysis. # A note describing the initial analysis of a resource.
+ "analysisKind": "A String", # Required. Immutable. The kind of analysis that is handled by this discovery.
+ },
+ "dsseAttestation": { # A note describing a dsse attestation note.
+ "hint": { # This submessage provides human-readable hints about the purpose of the authority. Because the name of a note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should not be used to look up authorities in security sensitive contexts, such as when looking up attestations to verify. # DSSEHint hints at the purpose of the attestation authority.
+ "humanReadableName": "A String", # Required. The human readable name of this attestation authority, for example "cloudbuild-prod".
+ },
+ },
+ "expirationTime": "A String", # Time of expiration for this note. Empty if note does not expire.
+ "image": { # Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: FROM Or an equivalent reference, e.g., a tag of the resource_url. # A note describing a base image.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. Immutable. The fingerprint of the base image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "resourceUrl": "A String", # Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
+ },
+ "kind": "A String", # Output only. The type of analysis. This field can be used as a filter in list requests.
+ "longDescription": "A String", # A detailed description of this note.
+ "name": "A String", # Output only. The name of the note in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`.
+ "package": { # This represents a particular package that is distributed over various channels. E.g., glibc (aka libc6) is distributed by many, at various versions. # A note describing a package hosted by various package managers.
+ "distribution": [ # The various channels by which a package is distributed.
+ { # This represents a particular channel of distribution for a given package. E.g., Debian's jessie-backports dpkg mirror.
+ "architecture": "A String", # The CPU architecture for which packages in this distribution channel were built.
+ "cpeUri": "A String", # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "description": "A String", # The distribution channel-specific description of this package.
+ "latestVersion": { # Version contains structured information about the version of a package. # The latest available version of this package in this distribution channel.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "maintainer": "A String", # A freeform string denoting the maintainer of this package.
+ "url": "A String", # The distribution channel-specific homepage for this package.
+ },
+ ],
+ "name": "A String", # Required. Immutable. The name of the package.
+ },
+ "relatedNoteNames": [ # Other notes related to this note.
+ "A String",
+ ],
+ "relatedUrl": [ # URLs associated with this note.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "shortDescription": "A String", # A one sentence description of this note.
+ "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as a filter in list requests.
+ "upgrade": { # An Upgrade Note represents a potential upgrade of a package to a given version. For each package version combination (i.e. bash 4.0, bash 4.1, bash 4.1.2), there will be an Upgrade Note. For Windows, windows_update field represents the information related to the update. # A note describing available package upgrades.
+ "distributions": [ # Metadata about the upgrade for each specific operating system.
+ { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ ],
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "version": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # A security vulnerability that can be found in resources. # A note describing a package vulnerability.
+ "cvssScore": 3.14, # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "cvssV3": { # Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document # The full description of the CVSSv3 for this vulnerability.
+ "attackComplexity": "A String",
+ "attackVector": "A String", # Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
+ "availabilityImpact": "A String",
+ "baseScore": 3.14, # The base score is a function of the base metric scores.
+ "confidentialityImpact": "A String",
+ "exploitabilityScore": 3.14,
+ "impactScore": 3.14,
+ "integrityImpact": "A String",
+ "privilegesRequired": "A String",
+ "scope": "A String",
+ "userInteraction": "A String",
+ },
+ "details": [ # Details of all known distros and packages affected by this vulnerability.
+ { # A detail for a distro and package affected by this vulnerability and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "affectedPackage": "A String", # Required. The package this vulnerability affects.
+ "affectedVersionEnd": { # Version contains structured information about the version of a package. # The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "affectedVersionStart": { # Version contains structured information about the version of a package. # The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "description": "A String", # A vendor-specific description of this vulnerability.
+ "fixedCpeUri": "A String", # The distro recommended [CPE URI](https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "isObsolete": True or False, # Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.
+ "packageType": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ "severityName": "A String", # The distro assigned severity of this vulnerability.
+ "source": "A String", # The source from which the information in this Detail was obtained.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "vendor": "A String", # The name of the vendor of the product.
+ },
+ ],
+ "severity": "A String", # The note provider assigned severity of this vulnerability.
+ "sourceUpdateTime": "A String", # The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.
+ "windowsDetails": [ # Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.
+ {
+ "cpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability affects.
+ "description": "A String", # The description of this vulnerability.
+ "fixingKbs": [ # Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.
+ {
+ "name": "A String", # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
+ "url": "A String", # A link to the KB in the [Windows update catalog] (https://www.catalog.update.microsoft.com/).
+ },
+ ],
+ "name": "A String", # Required. The name of this vulnerability.
+ },
+ ],
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="getVulnerabilitySummary">getVulnerabilitySummary(parent, filter=None, x__xgafv=None)</code>
+ <pre>Gets a summary of the number and severity of occurrences.
+
+Args:
+ parent: string, Required. The name of the project to get a vulnerability summary for in the form of `projects/[PROJECT_ID]`. (required)
+ filter: string, The filter expression.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A summary of how many vulnerability occurrences there are per resource and severity type.
+ "counts": [ # A listing by resource of the number of fixable and total vulnerabilities.
+ { # Per resource and severity counts of fixable and total vulnerabilities.
+ "fixableCount": "A String", # The number of fixable vulnerabilities associated with this resource.
+ "resourceUri": "A String", # The affected resource.
+ "severity": "A String", # The severity for this count. SEVERITY_UNSPECIFIED indicates total across all severities.
+ "totalCount": "A String", # The total number of vulnerabilities associated with this resource.
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists occurrences for the specified project.
+
+Args:
+ parent: string, Required. The name of the project to list occurrences for in the form of `projects/[PROJECT_ID]`. (required)
+ filter: string, The filter expression.
+ pageSize: integer, Number of occurrences to return in the list. Must be positive. Max allowed page size is 1000. If not specified, page size defaults to 20.
+ pageToken: string, Token to provide to skip to a particular spot in the list.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response for listing occurrences.
+ "nextPageToken": "A String", # The next pagination token in the list response. It should be used as `page_token` for the following request. An empty value means no more results.
+ "occurrences": [ # The occurrences requested.
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the specified occurrence.
+
+Args:
+ name: string, Required. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+}
+
+ updateMask: string, The fields to update.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An instance of an analysis type that has been found on a resource.
+ "attestation": { # Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. # Describes an attestation of an artifact.
+ "jwts": [ # One or more JWTs encoding a self-contained attestation. Each JWT encodes the payload that it verifies within the JWT itself. Verifier implementation SHOULD ignore the `serialized_payload` field when verifying these JWTs. If only JWTs are present on this AttestationOccurrence, then the `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim specific to the `resource_uri` of this Occurrence, but this is not validated by Grafeas metadata API implementations. The JWT itself is opaque to Grafeas.
+ {
+ "compactJwt": "A String", # The compact encoding of a JWS, which is always three base64 encoded strings joined by periods. For details, see: https://tools.ietf.org/html/rfc7515.html#section-3.1
+ },
+ ],
+ "serializedPayload": "A String", # Required. The serialized payload that is verified by one or more `signatures`.
+ "signatures": [ # One or more signatures over `serialized_payload`. Verifier implementations should consider this attestation message verified if at least one `signature` verifies `serialized_payload`. See `Signature` in common.proto for more details on signature structure and verification.
+ { # Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The `public_key_id` is not recognized by the verifier. * The public key that `public_key_id` refers to does not verify the signature with respect to the payload. The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
+ "publicKeyId": "A String", # The identifier for the public key that verifies this signature. * The `public_key_id` is required. * The `public_key_id` SHOULD be an RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 public key fingerprint: * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
+ "signature": "A String", # The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
+ },
+ ],
+ },
+ "build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
+ "a_key": "A String",
+ },
+ "builderVersion": "A String", # Version string of the builder at the time this build was executed.
+ "builtArtifacts": [ # Output of the build.
+ { # Artifact describes a build product.
+ "checksum": "A String", # Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
+ "id": "A String", # Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
+ "names": [ # Related artifact names. This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
+ "A String",
+ ],
+ },
+ ],
+ "commands": [ # Commands requested by the build.
+ { # Command describes a step performed as part of the build pipeline.
+ "args": [ # Command-line arguments used when executing this command.
+ "A String",
+ ],
+ "dir": "A String", # Working directory (relative to project source root) used when running this command.
+ "env": [ # Environment variables set before running this command.
+ "A String",
+ ],
+ "id": "A String", # Optional unique identifier for this command, used in wait_for to reference this command as a dependency.
+ "name": "A String", # Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`.
+ "waitFor": [ # The ID(s) of the command(s) that this command depends on.
+ "A String",
+ ],
+ },
+ ],
+ "createTime": "A String", # Time at which the build was created.
+ "creator": "A String", # E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
+ "endTime": "A String", # Time at which execution of the build was finished.
+ "id": "A String", # Required. Unique identifier of the build.
+ "logsUri": "A String", # URI where any logs for this provenance were written.
+ "projectId": "A String", # ID of the project.
+ "sourceProvenance": { # Source describes the location of the source used for the build. # Details of the Source input to the build.
+ "additionalContexts": [ # If provided, some of the source code used for the build may be found in these locations, in the case where the source repository had multiple remotes or submodules. This list will not include the context specified in the context field.
+ { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "artifactStorageSourceUri": "A String", # If provided, the input binary artifacts for the build came from this location.
+ "context": { # A SourceContext is a reference to a tree of files. A SourceContext together with a path point to a unique revision of a single file or directory. # If provided, the source code used for the build came from this location.
+ "cloudRepo": { # A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo. # A SourceContext referring to a revision in a Google Cloud Source Repo.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "repoId": { # A unique identifier for a Cloud Repo. # The ID of the repo.
+ "projectRepoId": { # Selects a repo using a Google Cloud Platform project ID (e.g., winged-cargo-31) and a repo name within that project. # A combination of a project ID and a repo name.
+ "projectId": "A String", # The ID of the project.
+ "repoName": "A String", # The name of the repo. Leave empty for the default repo.
+ },
+ "uid": "A String", # A server-assigned, globally unique identifier.
+ },
+ "revisionId": "A String", # A revision ID.
+ },
+ "gerrit": { # A SourceContext referring to a Gerrit project. # A SourceContext referring to a Gerrit project.
+ "aliasContext": { # An alias to a repo revision. # An alias, which may be a branch or tag.
+ "kind": "A String", # The alias kind.
+ "name": "A String", # The alias name.
+ },
+ "gerritProject": "A String", # The full project name within the host. Projects may be nested, so "project/subproject" is a valid project name. The "repo name" is the hostURI/project.
+ "hostUri": "A String", # The URI of a running Gerrit instance.
+ "revisionId": "A String", # A revision (commit) ID.
+ },
+ "git": { # A GitSourceContext denotes a particular revision in a third party Git repository (e.g., GitHub). # A SourceContext referring to any third party Git repo (e.g., GitHub).
+ "revisionId": "A String", # Git commit hash.
+ "url": "A String", # Git repository URL.
+ },
+ "labels": { # Labels with user defined metadata.
+ "a_key": "A String",
+ },
+ },
+ "fileHashes": { # Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.
+ "a_key": { # Container message for hashes of byte content of files, used in source messages to verify integrity of source input to the build.
+ "fileHash": [ # Required. Collection of file hashes.
+ { # Container message for hash values.
+ "type": "A String", # Required. The type of hash that was performed, e.g. "SHA-256".
+ "value": "A String", # Required. The hash value.
+ },
+ ],
+ },
+ },
+ },
+ "startTime": "A String", # Time at which execution of the build was started.
+ "triggerId": "A String", # Trigger identifier if the build was triggered automatically; empty if not.
+ },
+ "provenanceBytes": "A String", # Serialized JSON representation of the provenance, used in generating the build signature in the corresponding build note. After verifying the signature, `provenance_bytes` can be unmarshalled and compared to the provenance to confirm that it is unchanged. A base64-encoded string representation of the provenance bytes is used for the signature in order to interoperate with openssl which expects this format for signature verification. The serialized form is captured both to avoid ambiguity in how the provenance is marshalled to json as well to prevent incompatibilities with future changes.
+ },
+ "compliance": { # An indication that the compliance checks in the associated ComplianceNote were not satisfied for particular resources or a specified reason. # Describes a compliance violation on a linked resource.
+ "nonComplianceReason": "A String",
+ "nonCompliantFiles": [
+ { # Details about files that caused a compliance check to fail.
+ "displayCommand": "A String", # Command to display the non-compliant files.
+ "path": "A String", # display_command is a single command that can be used to display a list of non compliant files. When there is no such command, we can also iterate a list of non compliant file using 'path'. Empty if `display_command` is set.
+ "reason": "A String", # Explains why a file is non compliant for a CIS check.
+ },
+ ],
+ },
+ "createTime": "A String", # Output only. The time this occurrence was created.
+ "deployment": { # The period during which some deployable was active in a runtime. # Describes the deployment of an artifact on a runtime.
+ "address": "A String", # Address of the runtime element hosting this deployment.
+ "config": "A String", # Configuration used to create this deployment.
+ "deployTime": "A String", # Required. Beginning of the lifetime of this deployment.
+ "platform": "A String", # Platform hosting this deployment.
+ "resourceUri": [ # Output only. Resource URI for the artifact being deployed taken from the deployable field with the same name.
+ "A String",
+ ],
+ "undeployTime": "A String", # End of the lifetime of this deployment.
+ "userEmail": "A String", # Identity of the user that triggered this deployment.
+ },
+ "discovery": { # Provides information about the analysis status of a discovered resource. # Describes when a resource was discovered.
+ "analysisStatus": "A String", # The status of discovery for the resource.
+ "analysisStatusError": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # When an error is encountered this will contain a LocalizedMessage under details to show to the user. The LocalizedMessage is output only and populated by the API.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "continuousAnalysis": "A String", # Whether the resource is continuously analyzed.
+ "cpe": "A String", # The CPE of the resource being scanned.
+ "lastScanTime": "A String", # The last time this resource was scanned.
+ },
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
+ "baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
+ "distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.
+ "fingerprint": { # A set of properties that uniquely identify a given Docker image. # Required. The fingerprint of the derived image.
+ "v1Name": "A String", # Required. The layer ID of the final layer in the Docker image's v1 representation.
+ "v2Blob": [ # Required. The ordered list of v2 blobs that represent a given image.
+ "A String",
+ ],
+ "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) Only the name of the final blob is kept.
+ },
+ "layerInfo": [ # This contains layer-specific metadata, if populated it has length "distance" and is ordered with [distance] being the layer immediately following the base image and [1] being the final layer.
+ { # Layer holds metadata specific to a layer of a Docker image.
+ "arguments": "A String", # The recovered arguments to the Dockerfile directive.
+ "directive": "A String", # Required. The recovered Dockerfile directive used to construct this layer. See https://docs.docker.com/engine/reference/builder/ for more information.
+ },
+ ],
+ },
+ "kind": "A String", # Output only. This explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
+ "name": "A String", # Output only. The name of the occurrence in the form of `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`.
+ "noteName": "A String", # Required. Immutable. The analysis note associated with this occurrence, in the form of `projects/[PROVIDER_ID]/notes/[NOTE_ID]`. This field can be used as a filter in list requests.
+ "package": { # Details on how a particular software package was installed on a system. # Describes the installation of a package on the linked resource.
+ "location": [ # Required. All of the places within the filesystem versions of this package have been found.
+ { # An occurrence of a particular package installation found within a system's filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+ "cpeUri": "A String", # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.
+ "path": "A String", # The path from which we gathered that this package/version is installed.
+ "version": { # Version contains structured information about the version of a package. # The version installed at this location.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ },
+ ],
+ "name": "A String", # Output only. The name of the installed package.
+ },
+ "remediation": "A String", # A description of actions that can be taken to remedy the note.
+ "resourceUri": "A String", # Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, `https://gcr.io/project/image@sha256:123abc` for a Docker image.
+ "updateTime": "A String", # Output only. The time this occurrence was last updated.
+ "upgrade": { # An Upgrade Occurrence represents that a specific resource_url could install a specific upgrade. This presence is supplied via local sources (i.e. it is present in the mirror and the running system has noticed its availability). For Windows, both distribution and windows_update contain information for the Windows update. # Describes an available package upgrade on the linked resource.
+ "distribution": { # The Upgrade Distribution represents metadata about the Upgrade for each operating system (CPE). Some distributions have additional metadata around updates, classifying them into various categories and severities. # Metadata about the upgrade for available for the specific operating system for the resource_url. This allows efficient filtering, as well as making it easier to use the occurrence.
+ "classification": "A String", # The operating system classification of this Upgrade, as specified by the upstream operating system upgrade feed. For Windows the classification is one of the category_ids listed at https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ff357803(v=vs.85)
+ "cpeUri": "A String", # Required - The specific operating system this metadata applies to. See https://cpe.mitre.org/specification/.
+ "cve": [ # The cve tied to this Upgrade.
+ "A String",
+ ],
+ "severity": "A String", # The severity as specified by the upstream operating system.
+ },
+ "package": "A String", # Required for non-Windows OS. The package this Upgrade is for.
+ "parsedVersion": { # Version contains structured information about the version of a package. # Required for non-Windows OS. The version of the package in a machine + human readable form.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "windowsUpdate": { # Windows Update represents the metadata about the update for the Windows operating system. The fields in this message come from the Windows Update API documented at https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdate. # Required for Windows OS. Represents the metadata about the Windows update.
+ "categories": [ # The list of categories to which the update belongs.
+ { # The category to which the update belongs.
+ "categoryId": "A String", # The identifier of the category.
+ "name": "A String", # The localized name of the category.
+ },
+ ],
+ "description": "A String", # The localized description of the update.
+ "identity": { # The unique identifier of the update. # Required - The unique identifier for the update.
+ "revision": 42, # The revision number of the update.
+ "updateId": "A String", # The revision independent identifier of the update.
+ },
+ "kbArticleIds": [ # The Microsoft Knowledge Base article IDs that are associated with the update.
+ "A String",
+ ],
+ "lastPublishedTimestamp": "A String", # The last published timestamp of the update.
+ "supportUrl": "A String", # The hyperlink to the support information for the update.
+ "title": "A String", # The localized title of the update.
+ },
+ },
+ "vulnerability": { # An occurrence of a severity vulnerability on a resource. # Describes a security vulnerability.
+ "cvssScore": 3.14, # Output only. The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+ "effectiveSeverity": "A String", # The distro assigned severity for this vulnerability when it is available, otherwise this is the note provider assigned severity. When there are multiple PackageIssues for this vulnerability, they can have different effective severities because some might be provided by the distro while others are provided by the language ecosystem for a language pack. For this reason, it is advised to use the effective severity on the PackageIssue level. In the case where multiple PackageIssues have differing effective severities, this field should be the highest severity for any of the PackageIssues.
+ "fixAvailable": True or False, # Output only. Whether at least one of the affected packages has a fix available.
+ "longDescription": "A String", # Output only. A detailed description of this vulnerability.
+ "packageIssue": [ # Required. The set of affected locations and their fixes (if available) within the associated resource.
+ { # A detail for a distro and package this vulnerability occurrence was found in and its associated fix (if one is available).
+ "affectedCpeUri": "A String", # Required. The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was found in.
+ "affectedPackage": "A String", # Required. The package this vulnerability was found in.
+ "affectedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package that is installed on the resource affected by this vulnerability.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "effectiveSeverity": "A String", # Output only. The distro or language system assigned severity for this vulnerability when that is available and note provider assigned severity when it is not available.
+ "fixAvailable": True or False, # Output only. Whether a fix is available for this package.
+ "fixedCpeUri": "A String", # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability was fixed in. It is possible for this to be different from the affected_cpe_uri.
+ "fixedPackage": "A String", # The package this vulnerability was fixed in. It is possible for this to be different from the affected_package.
+ "fixedVersion": { # Version contains structured information about the version of a package. # Required. The version of the package this vulnerability was fixed in. Setting this to VersionKind.MAXIMUM means no fix is yet available.
+ "epoch": 42, # Used to correct mistakes in the version numbering scheme.
+ "fullName": "A String", # Human readable version string. This string is of the form :- and is only set when kind is NORMAL.
+ "inclusive": True or False, # Whether this version is specifying part of an inclusive range. Grafeas does not have the capability to specify version ranges; instead we have fields that specify start version and end versions. At times this is insufficient - we also need to specify whether the version is included in the range or is excluded from the range. This boolean is expected to be set to true when the version is included in a range.
+ "kind": "A String", # Required. Distinguishes between sentinel MIN/MAX versions and normal versions.
+ "name": "A String", # Required only when version kind is NORMAL. The main part of the version name.
+ "revision": "A String", # The iteration of the package build from the above version.
+ },
+ "packageType": "A String", # The type of package (e.g. OS, MAVEN, GO).
+ },
+ ],
+ "relatedUrls": [ # Output only. URLs related to this vulnerability.
+ { # Metadata for any related URL information.
+ "label": "A String", # Label to describe usage of the URL.
+ "url": "A String", # Specific URL associated with the resource.
+ },
+ ],
+ "severity": "A String", # Output only. The note provider assigned severity of this vulnerability.
+ "shortDescription": "A String", # Output only. A one sentence description of this vulnerability.
+ "type": "A String", # The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
+ <pre>Sets the access control policy on the specified note or occurrence. Requires `containeranalysis.notes.setIamPolicy` or `containeranalysis.occurrences.setIamPolicy` permission if the resource is a note or an occurrence, respectively. The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.
+
+Args:
+ resource: string, REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for `SetIamPolicy` method.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ },
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ },
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
+ { # Associates `members` with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+ "expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
+ "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+ "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+ },
+ "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "A String",
+ ],
+ "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ },
+ ],
+ "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+ "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
+ <pre>Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, `containeranalysis.notes.list`). The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for occurrences.
+
+Args:
+ resource: string, REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for `TestIamPermissions` method.
+ "permissions": [ # The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+ "A String",
+ ],
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for `TestIamPermissions` method.
+ "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
+ "A String",
+ ],
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/content_v2_1.promotions.html b/docs/dyn/content_v2_1.promotions.html
index 4436fa6..7310d93 100644
--- a/docs/dyn/content_v2_1.promotions.html
+++ b/docs/dyn/content_v2_1.promotions.html
@@ -112,7 +112,7 @@
},
"genericRedemptionCode": "A String", # Generic redemption code for the promotion. To be used with the above field.
"getThisQuantityDiscounted": 42, # The number of items discounted in the promotion.
- "id": "A String", # Required. Output only. The REST promotion id to uniquely identify the promotion. Content API methods that operate on promotions take this as their promotionId parameter. The REST ID for a promotion is of the form channel:contentLanguage:targetCountry:promotionId The channel field will have a value of "online", "local", or "onlinelocal".
+ "id": "A String", # Required. Output only. The REST promotion id to uniquely identify the promotion. Content API methods that operate on promotions take this as their promotionId parameter. The REST ID for a promotion is of the form channel:contentLanguage:targetCountry:promotionId The channel field will have a value of "online", "in_store", or "online_in_store".
"itemGroupId": [ # Product filter by item group id for the promotion.
"A String",
],
@@ -194,7 +194,7 @@
},
"genericRedemptionCode": "A String", # Generic redemption code for the promotion. To be used with the above field.
"getThisQuantityDiscounted": 42, # The number of items discounted in the promotion.
- "id": "A String", # Required. Output only. The REST promotion id to uniquely identify the promotion. Content API methods that operate on promotions take this as their promotionId parameter. The REST ID for a promotion is of the form channel:contentLanguage:targetCountry:promotionId The channel field will have a value of "online", "local", or "onlinelocal".
+ "id": "A String", # Required. Output only. The REST promotion id to uniquely identify the promotion. Content API methods that operate on promotions take this as their promotionId parameter. The REST ID for a promotion is of the form channel:contentLanguage:targetCountry:promotionId The channel field will have a value of "online", "in_store", or "online_in_store".
"itemGroupId": [ # Product filter by item group id for the promotion.
"A String",
],
diff --git a/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html b/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html
index fd8849e..5c4a3fd 100644
--- a/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html
+++ b/docs/dyn/documentai_v1.projects.locations.processors.processorVersions.html
@@ -291,7 +291,7 @@
# Object with schema name: GoogleCloudDocumentaiV1SchemaEntityType
],
"source": "A String", # Source of this entity type.
- "type": "A String", # Name of the type. It must be unique within the set of same level types.
+ "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names.
},
],
},
@@ -352,7 +352,7 @@
# Object with schema name: GoogleCloudDocumentaiV1SchemaEntityType
],
"source": "A String", # Source of this entity type.
- "type": "A String", # Name of the type. It must be unique within the set of same level types.
+ "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names.
},
],
},
diff --git a/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html b/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html
index 251c172..56ded75 100644
--- a/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html
+++ b/docs/dyn/documentai_v1beta3.projects.locations.processors.processorVersions.html
@@ -300,7 +300,7 @@
# Object with schema name: GoogleCloudDocumentaiV1beta3SchemaEntityType
],
"source": "A String", # Source of this entity type.
- "type": "A String", # Name of the type. It must be unique within the set of same level types.
+ "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names.
},
],
},
@@ -361,7 +361,7 @@
# Object with schema name: GoogleCloudDocumentaiV1beta3SchemaEntityType
],
"source": "A String", # Source of this entity type.
- "type": "A String", # Name of the type. It must be unique within the set of same level types.
+ "type": "A String", # Name of the type. It must satisfy the following constraints: 1. Must be unique within the set of same level types (with case-insensitive match). 2. Maximum 50 characters. 3. Must start with a letter. 4. Allowed characters: ASCII letters [a-zA-Z], ASCII digits [0-9], or one of the following punctuation characters: * underscore '_' (recommended) * hyphen '-' (allowed, not recommended) * colon ':' (allowed, not recommended) NOTE: Whitespace characters are not allowed. 5. Cannot end with a punctuation character. 6. Cannot contain the following restricted strings: "google", "DocumentAI" (case-insensitive match). 7. A slash character '/' is reserved as a separator in flattened representations of nested entity types (e.g., "line_item/amount") in which case each part (e.g., "line_item", "amount") must comply with the rules defined above. We recommend using the snake case ("snake_case") in entity type names.
},
],
},
diff --git a/docs/dyn/firebase_v1beta1.projects.html b/docs/dyn/firebase_v1beta1.projects.html
index dc26697..5f6bc07 100644
--- a/docs/dyn/firebase_v1beta1.projects.html
+++ b/docs/dyn/firebase_v1beta1.projects.html
@@ -293,6 +293,7 @@
{
"analyticsProperty": { # Details of a Google Analytics property # The Analytics Property object associated with the specified `FirebaseProject`. This object contains the details of the Google Analytics property associated with the Project.
+ "analyticsAccountId": "A String", # Output only. The ID of the [Google Analytics account](https://www.google.com/analytics/) for the Google Analytics property associated with the specified FirebaseProject.
"displayName": "A String", # The display name of the Google Analytics property associated with the specified `FirebaseProject`.
"id": "A String", # The globally unique, Google-assigned identifier of the Google Analytics property associated with the specified `FirebaseProject`. If you called [`AddGoogleAnalytics`](../../v1beta1/projects/addGoogleAnalytics) to link the `FirebaseProject` with a Google Analytics account, the value in this `id` field is the same as the ID of the property either specified or provisioned with that call to `AddGoogleAnalytics`.
},
diff --git a/docs/dyn/firebase_v1beta1.projects.iosApps.html b/docs/dyn/firebase_v1beta1.projects.iosApps.html
index 628b5fe..f7c7eb1 100644
--- a/docs/dyn/firebase_v1beta1.projects.iosApps.html
+++ b/docs/dyn/firebase_v1beta1.projects.iosApps.html
@@ -117,6 +117,7 @@
"displayName": "A String", # The user-assigned display name for the `IosApp`.
"name": "A String", # The resource name of the IosApp, in the format: projects/PROJECT_IDENTIFIER /iosApps/APP_ID * PROJECT_IDENTIFIER: the parent Project's [`ProjectNumber`](../projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its [`ProjectId`](../projects#FirebaseProject.FIELDS.project_id). Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). Note that the value for PROJECT_IDENTIFIER in any response body will be the `ProjectId`. * APP_ID: the globally unique, Firebase-assigned identifier for the App (see [`appId`](../projects.iosApps#IosApp.FIELDS.app_id)).
"projectId": "A String", # Immutable. A user-assigned unique identifier of the parent FirebaseProject for the `IosApp`.
+ "teamId": "A String", # The Apple Developer Team ID associated with the App in the App Store.
}
x__xgafv: string, V1 error format.
@@ -169,6 +170,7 @@
"displayName": "A String", # The user-assigned display name for the `IosApp`.
"name": "A String", # The resource name of the IosApp, in the format: projects/PROJECT_IDENTIFIER /iosApps/APP_ID * PROJECT_IDENTIFIER: the parent Project's [`ProjectNumber`](../projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its [`ProjectId`](../projects#FirebaseProject.FIELDS.project_id). Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). Note that the value for PROJECT_IDENTIFIER in any response body will be the `ProjectId`. * APP_ID: the globally unique, Firebase-assigned identifier for the App (see [`appId`](../projects.iosApps#IosApp.FIELDS.app_id)).
"projectId": "A String", # Immutable. A user-assigned unique identifier of the parent FirebaseProject for the `IosApp`.
+ "teamId": "A String", # The Apple Developer Team ID associated with the App in the App Store.
}</pre>
</div>
@@ -217,6 +219,7 @@
"displayName": "A String", # The user-assigned display name for the `IosApp`.
"name": "A String", # The resource name of the IosApp, in the format: projects/PROJECT_IDENTIFIER /iosApps/APP_ID * PROJECT_IDENTIFIER: the parent Project's [`ProjectNumber`](../projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its [`ProjectId`](../projects#FirebaseProject.FIELDS.project_id). Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). Note that the value for PROJECT_IDENTIFIER in any response body will be the `ProjectId`. * APP_ID: the globally unique, Firebase-assigned identifier for the App (see [`appId`](../projects.iosApps#IosApp.FIELDS.app_id)).
"projectId": "A String", # Immutable. A user-assigned unique identifier of the parent FirebaseProject for the `IosApp`.
+ "teamId": "A String", # The Apple Developer Team ID associated with the App in the App Store.
},
],
"nextPageToken": "A String", # If the result list is too large to fit in a single response, then a token is returned. If the string is empty, then this response is the last page of results. This token can be used in a subsequent call to `ListIosApps` to find the next group of Apps. Page tokens are short-lived and should not be persisted.
@@ -253,6 +256,7 @@
"displayName": "A String", # The user-assigned display name for the `IosApp`.
"name": "A String", # The resource name of the IosApp, in the format: projects/PROJECT_IDENTIFIER /iosApps/APP_ID * PROJECT_IDENTIFIER: the parent Project's [`ProjectNumber`](../projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its [`ProjectId`](../projects#FirebaseProject.FIELDS.project_id). Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). Note that the value for PROJECT_IDENTIFIER in any response body will be the `ProjectId`. * APP_ID: the globally unique, Firebase-assigned identifier for the App (see [`appId`](../projects.iosApps#IosApp.FIELDS.app_id)).
"projectId": "A String", # Immutable. A user-assigned unique identifier of the parent FirebaseProject for the `IosApp`.
+ "teamId": "A String", # The Apple Developer Team ID associated with the App in the App Store.
}
updateMask: string, Specifies which fields to update. Note that the fields `name`, `appId`, `projectId`, and `bundleId` are all immutable.
@@ -271,6 +275,7 @@
"displayName": "A String", # The user-assigned display name for the `IosApp`.
"name": "A String", # The resource name of the IosApp, in the format: projects/PROJECT_IDENTIFIER /iosApps/APP_ID * PROJECT_IDENTIFIER: the parent Project's [`ProjectNumber`](../projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its [`ProjectId`](../projects#FirebaseProject.FIELDS.project_id). Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). Note that the value for PROJECT_IDENTIFIER in any response body will be the `ProjectId`. * APP_ID: the globally unique, Firebase-assigned identifier for the App (see [`appId`](../projects.iosApps#IosApp.FIELDS.app_id)).
"projectId": "A String", # Immutable. A user-assigned unique identifier of the parent FirebaseProject for the `IosApp`.
+ "teamId": "A String", # The Apple Developer Team ID associated with the App in the App Store.
}</pre>
</div>
diff --git a/docs/dyn/firebaseappcheck_v1beta.jwks.html b/docs/dyn/firebaseappcheck_v1beta.jwks.html
index 86242fc..f849aeb 100644
--- a/docs/dyn/firebaseappcheck_v1beta.jwks.html
+++ b/docs/dyn/firebaseappcheck_v1beta.jwks.html
@@ -100,7 +100,7 @@
Returns:
An object of the form:
- { # The currently active set of public keys that can be used to verify App Check tokens. This object is a JWK set as specified by [section 5 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5). For security, the response **must not** be cached for longer than one day.
+ { # The currently active set of public keys that can be used to verify App Check tokens. This object is a JWK set as specified by [section 5 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5). For security, the response **must not** be cached for longer than six hours.
"keys": [ # The set of public keys. See [section 5.1 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-5).
{ # A JWK as specified by [section 4 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4) and [section 6.3.1 of RFC 7518](https://tools.ietf.org/html/rfc7518#section-6.3.1).
"alg": "A String", # See [section 4.4 of RFC 7517](https://tools.ietf.org/html/rfc7517#section-4.4).
diff --git a/docs/dyn/firebaseappcheck_v1beta.projects.apps.appAttestConfig.html b/docs/dyn/firebaseappcheck_v1beta.projects.apps.appAttestConfig.html
index 605d454..cfcf0b7 100644
--- a/docs/dyn/firebaseappcheck_v1beta.projects.apps.appAttestConfig.html
+++ b/docs/dyn/firebaseappcheck_v1beta.projects.apps.appAttestConfig.html
@@ -104,7 +104,7 @@
{ # Response message for the BatchGetAppAttestConfigs method.
"configs": [ # AppAttestConfigs retrieved.
- { # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAttestation, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
+ { # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAssertion, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
"name": "A String", # Required. The relative resource name of the App Attest configuration object, in the format: ``` projects/{project_number}/apps/{app_id}/appAttestConfig ```
"tokenTtl": "A String", # Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.
},
@@ -131,7 +131,7 @@
Returns:
An object of the form:
- { # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAttestation, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
+ { # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAssertion, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
"name": "A String", # Required. The relative resource name of the App Attest configuration object, in the format: ``` projects/{project_number}/apps/{app_id}/appAttestConfig ```
"tokenTtl": "A String", # Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.
}</pre>
@@ -146,7 +146,7 @@
body: object, The request body.
The object takes the form of:
-{ # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAttestation, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
+{ # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAssertion, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
"name": "A String", # Required. The relative resource name of the App Attest configuration object, in the format: ``` projects/{project_number}/apps/{app_id}/appAttestConfig ```
"tokenTtl": "A String", # Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.
}
@@ -160,7 +160,7 @@
Returns:
An object of the form:
- { # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAttestation, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
+ { # An app's App Attest configuration object. This configuration controls certain properties of the App Check token returned by ExchangeAppAttestAttestation and ExchangeAppAttestAssertion, such as its ttl. Note that the Team ID registered with your app is used as part of the validation process. Please register it via the Firebase Console or programmatically via the [Firebase Management Service](https://firebase.google.com/docs/projects/api/reference/rest/v1beta1/projects.iosApps/patch).
"name": "A String", # Required. The relative resource name of the App Attest configuration object, in the format: ``` projects/{project_number}/apps/{app_id}/appAttestConfig ```
"tokenTtl": "A String", # Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid. If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.
}</pre>
diff --git a/docs/dyn/firebaseappcheck_v1beta.projects.apps.debugTokens.html b/docs/dyn/firebaseappcheck_v1beta.projects.apps.debugTokens.html
index 608d2cb..29a528a 100644
--- a/docs/dyn/firebaseappcheck_v1beta.projects.apps.debugTokens.html
+++ b/docs/dyn/firebaseappcheck_v1beta.projects.apps.debugTokens.html
@@ -112,8 +112,8 @@
{ # A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services.
"displayName": "A String", # Required. A human readable display name used to identify this debug token.
- "name": "A String", # The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
- "token": "A String", # Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
+ "name": "A String", # Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
+ "token": "A String", # Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
}
x__xgafv: string, V1 error format.
@@ -126,8 +126,8 @@
{ # A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services.
"displayName": "A String", # Required. A human readable display name used to identify this debug token.
- "name": "A String", # The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
- "token": "A String", # Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
+ "name": "A String", # Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
+ "token": "A String", # Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
}</pre>
</div>
@@ -165,8 +165,8 @@
{ # A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services.
"displayName": "A String", # Required. A human readable display name used to identify this debug token.
- "name": "A String", # The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
- "token": "A String", # Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
+ "name": "A String", # Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
+ "token": "A String", # Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
}</pre>
</div>
@@ -190,8 +190,8 @@
"debugTokens": [ # The DebugTokens retrieved.
{ # A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services.
"displayName": "A String", # Required. A human readable display name used to identify this debug token.
- "name": "A String", # The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
- "token": "A String", # Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
+ "name": "A String", # Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
+ "token": "A String", # Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
},
],
"nextPageToken": "A String", # If the result list is too large to fit in a single response, then a token is returned. If the string is empty or omitted, then this response is the last page of results. This token can be used in a subsequent call to ListDebugTokens to find the next group of DebugTokens. Page tokens are short-lived and should not be persisted.
@@ -217,14 +217,14 @@
<pre>Updates the specified DebugToken. For security reasons, the `token` field cannot be updated, nor will it be populated in the response, but you can revoke the debug token using DeleteDebugToken.
Args:
- name: string, The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ``` (required)
+ name: string, Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ``` (required)
body: object, The request body.
The object takes the form of:
{ # A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services.
"displayName": "A String", # Required. A human readable display name used to identify this debug token.
- "name": "A String", # The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
- "token": "A String", # Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
+ "name": "A String", # Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
+ "token": "A String", # Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
}
updateMask: string, Required. A comma-separated list of names of fields in the DebugToken to update. Example: `display_name`.
@@ -238,8 +238,8 @@
{ # A *debug token* is a secret used during the development or integration testing of an app. It essentially allows the development or integration testing to bypass app attestation while still allowing App Check to enforce protection on supported production Firebase services.
"displayName": "A String", # Required. A human readable display name used to identify this debug token.
- "name": "A String", # The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
- "token": "A String", # Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
+ "name": "A String", # Required. The relative resource name of the debug token, in the format: ``` projects/{project_number}/apps/{app_id}/debugTokens/{debug_token_id} ```
+ "token": "A String", # Required. Input only. Immutable. The secret token itself. Must be provided during creation, and must be a UUID4, case insensitive. This field is immutable once set, and cannot be provided during an UpdateDebugToken request. You can, however, delete this debug token using DeleteDebugToken to revoke it. For security reasons, this field will never be populated in any response.
}</pre>
</div>
diff --git a/docs/dyn/firebaseappcheck_v1beta.projects.apps.html b/docs/dyn/firebaseappcheck_v1beta.projects.apps.html
index 8ee4946..47225a2 100644
--- a/docs/dyn/firebaseappcheck_v1beta.projects.apps.html
+++ b/docs/dyn/firebaseappcheck_v1beta.projects.apps.html
@@ -104,10 +104,10 @@
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
<code><a href="#exchangeAppAttestAssertion">exchangeAppAttestAssertion(app, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Accepts a AppAttest Artifact and Assertion, and uses the developer's preconfigured auth token to verify the token with Apple. Returns an AttestationToken with the App ID as specified by the `app` field included as attested claims.</p>
+<p class="firstline">Accepts an App Attest assertion and an artifact previously obtained from ExchangeAppAttestAttestation and verifies those with Apple. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
<p class="toc_element">
<code><a href="#exchangeAppAttestAttestation">exchangeAppAttestAttestation(app, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Accepts a AppAttest CBOR Attestation, and uses the developer's preconfigured team and bundle IDs to verify the token with Apple. Returns an Attestation Artifact that can later be exchanged for an AttestationToken in ExchangeAppAttestAssertion.</p>
+<p class="firstline">Accepts an App Attest CBOR attestation and verifies it with Apple using the developer's preconfigured team and bundle IDs. If valid, returns an attestation artifact that can later be exchanged for an AttestationTokenResponse using ExchangeAppAttestAssertion. For convenience and performance, this method's response object will also contain an App Check token encapsulated in an AttestationTokenResponse (if the verification is successful).</p>
<p class="toc_element">
<code><a href="#exchangeCustomToken">exchangeCustomToken(app, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Validates a custom token signed using your project's Admin SDK service account credentials. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
@@ -125,7 +125,7 @@
<p class="firstline">Validates a [SafetyNet token](https://developer.android.com/training/safetynet/attestation#request-attestation-step). If valid, returns an App Check token encapsulated in an AttestationTokenResponse.</p>
<p class="toc_element">
<code><a href="#generateAppAttestChallenge">generateAppAttestChallenge(app, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Initiates the App Attest flow by generating a challenge which will be used as a type of nonce for this attestation.</p>
+<p class="firstline">Generates a challenge that protects the integrity of an immediately following call to ExchangeAppAttestAttestation or ExchangeAppAttestAssertion. A challenge should not be reused for multiple calls.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="close">close()</code>
@@ -134,17 +134,17 @@
<div class="method">
<code class="details" id="exchangeAppAttestAssertion">exchangeAppAttestAssertion(app, body=None, x__xgafv=None)</code>
- <pre>Accepts a AppAttest Artifact and Assertion, and uses the developer's preconfigured auth token to verify the token with Apple. Returns an AttestationToken with the App ID as specified by the `app` field included as attested claims.
+ <pre>Accepts an App Attest assertion and an artifact previously obtained from ExchangeAppAttestAttestation and verifies those with Apple. If valid, returns an App Check token encapsulated in an AttestationTokenResponse.
Args:
- app: string, Required. The full resource name to the iOS App. Format: "projects/{project_id}/apps/{app_id}" (required)
+ app: string, Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. (required)
body: object, The request body.
The object takes the form of:
-{ # Request message for ExchangeAppAttestAssertion
- "artifact": "A String", # The artifact previously returned by ExchangeAppAttestAttestation.
- "assertion": "A String", # The CBOR encoded assertion provided by the Apple App Attest SDK.
- "challenge": "A String", # A one time challenge returned by GenerateAppAttestChallenge.
+{ # Request message for the ExchangeAppAttestAssertion method.
+ "artifact": "A String", # Required. The artifact returned by a previous call to ExchangeAppAttestAttestation.
+ "assertion": "A String", # Required. The CBOR-encoded assertion returned by the client-side App Attest API.
+ "challenge": "A String", # Required. A one-time challenge returned by an immediately prior call to GenerateAppAttestChallenge.
}
x__xgafv: string, V1 error format.
@@ -163,16 +163,16 @@
<div class="method">
<code class="details" id="exchangeAppAttestAttestation">exchangeAppAttestAttestation(app, body=None, x__xgafv=None)</code>
- <pre>Accepts a AppAttest CBOR Attestation, and uses the developer's preconfigured team and bundle IDs to verify the token with Apple. Returns an Attestation Artifact that can later be exchanged for an AttestationToken in ExchangeAppAttestAssertion.
+ <pre>Accepts an App Attest CBOR attestation and verifies it with Apple using the developer's preconfigured team and bundle IDs. If valid, returns an attestation artifact that can later be exchanged for an AttestationTokenResponse using ExchangeAppAttestAssertion. For convenience and performance, this method's response object will also contain an App Check token encapsulated in an AttestationTokenResponse (if the verification is successful).
Args:
- app: string, Required. The full resource name to the iOS App. Format: "projects/{project_id}/apps/{app_id}" (required)
+ app: string, Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. (required)
body: object, The request body.
The object takes the form of:
-{ # Request message for ExchangeAppAttestAttestation
- "attestationStatement": "A String", # Required. The App Attest statement as returned by Apple's client-side App Attest API. This is the CBOR object returned by Apple, which will be Base64 encoded in the JSON API.
- "challenge": "A String", # Required. The challenge previously generated by the FAC backend.
+{ # Request message for the ExchangeAppAttestAttestation method.
+ "attestationStatement": "A String", # Required. The App Attest statement returned by the client-side App Attest API. This is a base64url encoded CBOR object in the JSON response.
+ "challenge": "A String", # Required. A one-time challenge returned by an immediately prior call to GenerateAppAttestChallenge.
"keyId": "A String", # Required. The key ID generated by App Attest for the client app.
}
@@ -184,9 +184,9 @@
Returns:
An object of the form:
- { # Response message for ExchangeAppAttestAttestation and ExchangeAppAttestDebugAttestation
- "artifact": "A String", # An artifact that should be passed back during the Assertion flow.
- "attestationToken": { # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check. # An attestation token which can be used to access Firebase APIs.
+ { # Response message for the ExchangeAppAttestAttestation method.
+ "artifact": "A String", # An artifact that can be used in future calls to ExchangeAppAttestAssertion.
+ "attestationToken": { # Encapsulates an *App Check token*, which are used to access Firebase services protected by App Check. # Encapsulates an App Check token.
"attestationToken": "A String", # An App Check token. App Check tokens are signed [JWTs](https://tools.ietf.org/html/rfc7519) containing claims that identify the attested app and Firebase project. This token is used to access Firebase services protected by App Check.
"ttl": "A String", # The duration from the time this token is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
},
@@ -257,7 +257,7 @@
The object takes the form of:
{ # Request message for the ExchangeDeviceCheckToken method.
- "deviceToken": "A String", # Required. The `device_token` as returned by Apple's client-side [DeviceCheck API](https://developer.apple.com/documentation/devicecheck/dcdevice). This is the Base64 encoded `Data` (Swift) or `NSData` (ObjC) object.
+ "deviceToken": "A String", # Required. The `device_token` as returned by Apple's client-side [DeviceCheck API](https://developer.apple.com/documentation/devicecheck/dcdevice). This is the base64 encoded `Data` (Swift) or `NSData` (ObjC) object.
}
x__xgafv: string, V1 error format.
@@ -330,14 +330,14 @@
<div class="method">
<code class="details" id="generateAppAttestChallenge">generateAppAttestChallenge(app, body=None, x__xgafv=None)</code>
- <pre>Initiates the App Attest flow by generating a challenge which will be used as a type of nonce for this attestation.
+ <pre>Generates a challenge that protects the integrity of an immediately following call to ExchangeAppAttestAttestation or ExchangeAppAttestAssertion. A challenge should not be reused for multiple calls.
Args:
- app: string, Required. The full resource name to the iOS App. Format: "projects/{project_id}/apps/{app_id}" (required)
+ app: string, Required. The relative resource name of the iOS app, in the format: ``` projects/{project_number}/apps/{app_id} ``` If necessary, the `project_number` element can be replaced with the project ID of the Firebase project. Learn more about using project identifiers in Google's [AIP 2510](https://google.aip.dev/cloud/2510) standard. (required)
body: object, The request body.
The object takes the form of:
-{ # Request message for GenerateAppAttestChallenge
+{ # Request message for the GenerateAppAttestChallenge method.
}
x__xgafv: string, V1 error format.
@@ -348,9 +348,9 @@
Returns:
An object of the form:
- { # Response object for GenerateAppAttestChallenge
- "challenge": "A String", # A one time use challenge for the client to pass to Apple's App Attest API.
- "ttl": "A String", # The duration from the time this challenge is minted until it is expired. This field is intended to ease client-side token management, since the device may have clock skew, but is still able to accurately measure a duration. This expiration is intended to minimize the replay window within which a single challenge may be reused. See AIP 142 for naming of this field.
+ { # Response message for the GenerateAppAttestChallenge method.
+ "challenge": "A String", # A one-time use challenge for the client to pass to the App Attest API.
+ "ttl": "A String", # The duration from the time this challenge is minted until its expiration. This field is intended to ease client-side token management, since the client may have clock skew, but is still able to accurately measure a duration.
}</pre>
</div>
diff --git a/docs/dyn/index.md b/docs/dyn/index.md
index 7a64b13..6270307 100644
--- a/docs/dyn/index.md
+++ b/docs/dyn/index.md
@@ -304,6 +304,7 @@
## containeranalysis
+* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/containeranalysis_v1.html)
* [v1alpha1](http://googleapis.github.io/google-api-python-client/docs/dyn/containeranalysis_v1alpha1.html)
* [v1beta1](http://googleapis.github.io/google-api-python-client/docs/dyn/containeranalysis_v1beta1.html)
@@ -731,10 +732,6 @@
* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/people_v1.html)
-## playablelocations
-* [v3](http://googleapis.github.io/google-api-python-client/docs/dyn/playablelocations_v3.html)
-
-
## playcustomapp
* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/playcustomapp_v1.html)
@@ -977,14 +974,14 @@
* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/vault_v1.html)
-## vectortile
-* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/vectortile_v1.html)
-
-
## verifiedaccess
* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/verifiedaccess_v1.html)
+## versionhistory
+* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/versionhistory_v1.html)
+
+
## videointelligence
* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/videointelligence_v1.html)
* [v1beta2](http://googleapis.github.io/google-api-python-client/docs/dyn/videointelligence_v1beta2.html)
@@ -999,6 +996,11 @@
* [v1p2beta1](http://googleapis.github.io/google-api-python-client/docs/dyn/vision_v1p2beta1.html)
+## vmmigration
+* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/vmmigration_v1.html)
+* [v1alpha1](http://googleapis.github.io/google-api-python-client/docs/dyn/vmmigration_v1alpha1.html)
+
+
## webfonts
* [v1](http://googleapis.github.io/google-api-python-client/docs/dyn/webfonts_v1.html)
diff --git a/docs/dyn/localservices_v1.detailedLeadReports.html b/docs/dyn/localservices_v1.detailedLeadReports.html
index e5b381d..1c89566 100644
--- a/docs/dyn/localservices_v1.detailedLeadReports.html
+++ b/docs/dyn/localservices_v1.detailedLeadReports.html
@@ -118,6 +118,13 @@
"aggregatorInfo": { # Conatiner for aggregator specific information if lead is for an aggregator GLS account. # Aggregator specific information related to the lead.
"aggregatorProviderId": "A String", # Provider id (listed in aggregator system) which maps to a account id in GLS system.
},
+ "bookingLead": { # Container for booking lead specific information. # More information associated to only booking leads.
+ "bookingAppointmentTimestamp": "A String", # Timestamp of when service is provided by advertiser.
+ "consumerEmail": "A String", # Consumer email associated with the booking lead.
+ "consumerPhoneNumber": "A String", # Consumer phone number associated with the booking lead.
+ "customerName": "A String", # Name of the customer who created the lead.
+ "jobType": "A String", # The job type of the specified lead.
+ },
"businessName": "A String", # Business name associated to the account.
"chargeStatus": "A String", # Whether the lead has been charged.
"currencyCode": "A String", # Currency code.
diff --git a/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html b/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html
index 5d54cb5..c2a51f3 100644
--- a/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html
+++ b/docs/dyn/networkmanagement_v1beta1.projects.locations.global_.connectivityTests.html
@@ -126,6 +126,9 @@
"createTime": "A String", # Output only. The time the test was created.
"description": "A String", # The user-supplied description of the Connectivity Test. Maximum of 512 characters.
"destination": { # Source or destination of the Connectivity Test. # Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -344,6 +347,9 @@
"A String",
],
"source": { # Source or destination of the Connectivity Test. # Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -439,6 +445,9 @@
"createTime": "A String", # Output only. The time the test was created.
"description": "A String", # The user-supplied description of the Connectivity Test. Maximum of 512 characters.
"destination": { # Source or destination of the Connectivity Test. # Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -657,6 +666,9 @@
"A String",
],
"source": { # Source or destination of the Connectivity Test. # Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -743,6 +755,9 @@
"createTime": "A String", # Output only. The time the test was created.
"description": "A String", # The user-supplied description of the Connectivity Test. Maximum of 512 characters.
"destination": { # Source or destination of the Connectivity Test. # Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -961,6 +976,9 @@
"A String",
],
"source": { # Source or destination of the Connectivity Test. # Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -1006,6 +1024,9 @@
"createTime": "A String", # Output only. The time the test was created.
"description": "A String", # The user-supplied description of the Connectivity Test. Maximum of 512 characters.
"destination": { # Source or destination of the Connectivity Test. # Required. Destination specification of the Connectivity Test. You can use a combination of destination IP address, Compute Engine VM instance, or VPC network to uniquely identify the destination location. Even if the destination IP address is not unique, the source IP location is unique. Usually, the analysis can infer the destination endpoint from route information. If the destination you specify is a VM instance and the instance has multiple network interfaces, then you must also specify either a destination IP address or VPC network to identify the destination interface. A reachability analysis proceeds even if the destination location is ambiguous. However, the result can include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
@@ -1224,6 +1245,9 @@
"A String",
],
"source": { # Source or destination of the Connectivity Test. # Required. Source specification of the Connectivity Test. You can use a combination of source IP address, virtual machine (VM) instance, or Compute Engine network to uniquely identify the source location. Examples: If the source IP address is an internal IP address within a Google Cloud Virtual Private Cloud (VPC) network, then you must also specify the VPC network. Otherwise, specify the VM instance, which already contains its internal IP address and VPC network information. If the source of the test is within an on-premises network, then you must provide the destination VPC network. If the source endpoint is a Compute Engine VM instance with multiple network interfaces, the instance itself is not sufficient to identify the endpoint. So, you must also specify the source IP address or VPC network. A reachability analysis proceeds even if the source location is ambiguous. However, the test result may include endpoints that you don't intend to test.
+ "cloudFunction": { # Wrapper for cloud function attributes. # A [Cloud function](https://cloud.google.com/functions).
+ "uri": "A String", # A [Cloud function](https://cloud.google.com/functions) name.
+ },
"cloudSqlInstance": "A String", # A [Cloud SQL](https://cloud.google.com/sql) instance URI.
"gkeMasterCluster": "A String", # A cluster URI for [Google Kubernetes Engine master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
"instance": "A String", # A Compute Engine instance URI.
diff --git a/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html b/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html
index aa1d497..9f24b7d 100644
--- a/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html
+++ b/docs/dyn/paymentsresellersubscription_v1.partners.subscriptions.html
@@ -88,7 +88,7 @@
<p class="firstline">Used by partners to entitle a previously provisioned subscription to the current end user. The end user identity is inferred from the authorized credential of the request. This API must be authorized by the end user using OAuth.</p>
<p class="toc_element">
<code><a href="#extend">extend(name, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Used by partners to extend a subscription service for their customers. It should be called directly by the partner using service accounts.</p>
+<p class="firstline">Used by partners to extend a subscription service for their customers on an ongoing basis for the subscription to remain active and renewable. It should be called directly by the partner using service accounts.</p>
<p class="toc_element">
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Used by partners to get a subscription by id. It should be called directly by the partner using service accounts.</p>
@@ -109,7 +109,7 @@
The object takes the form of:
{
- "cancelImmediately": True or False, # Optional. If true, the subscription will be cancelled immediately. Otherwise, the subscription will be cancelled at the end of the current cycle, and therefore no prorated refund will be issued for the rest of the cycle.
+ "cancelImmediately": True or False, # Optional. If true, the subscription will be cancelled immediately. Otherwise, the subscription will be cancelled at renewal_time, and therefore no prorated refund will be issued for the rest of the cycle.
"cancellationReason": "A String", # Specifies the reason for the cancellation.
}
@@ -293,7 +293,7 @@
<div class="method">
<code class="details" id="extend">extend(name, body=None, x__xgafv=None)</code>
- <pre>Used by partners to extend a subscription service for their customers. It should be called directly by the partner using service accounts.
+ <pre>Used by partners to extend a subscription service for their customers on an ongoing basis for the subscription to remain active and renewable. It should be called directly by the partner using service accounts.
Args:
name: string, Required. The name of the subscription resource to be extended. It will have the format of "partners/{partner_id}/subscriptions/{subscription_id}". (required)
diff --git a/docs/dyn/policysimulator_v1.folders.locations.replays.html b/docs/dyn/policysimulator_v1.folders.locations.replays.html
index 4ddabb6..d75aa89 100644
--- a/docs/dyn/policysimulator_v1.folders.locations.replays.html
+++ b/docs/dyn/policysimulator_v1.folders.locations.replays.html
@@ -107,7 +107,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -207,7 +207,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -221,18 +221,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1.folders.locations.replays.results.html b/docs/dyn/policysimulator_v1.folders.locations.replays.results.html
index ed9569a..4da3b51 100644
--- a/docs/dyn/policysimulator_v1.folders.locations.replays.results.html
+++ b/docs/dyn/policysimulator_v1.folders.locations.replays.results.html
@@ -155,7 +155,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -228,7 +228,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -242,18 +242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1.organizations.locations.replays.html b/docs/dyn/policysimulator_v1.organizations.locations.replays.html
index d22fdef..604e58a 100644
--- a/docs/dyn/policysimulator_v1.organizations.locations.replays.html
+++ b/docs/dyn/policysimulator_v1.organizations.locations.replays.html
@@ -107,7 +107,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -207,7 +207,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -221,18 +221,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1.organizations.locations.replays.results.html b/docs/dyn/policysimulator_v1.organizations.locations.replays.results.html
index 961a6ef..ccb144f 100644
--- a/docs/dyn/policysimulator_v1.organizations.locations.replays.results.html
+++ b/docs/dyn/policysimulator_v1.organizations.locations.replays.results.html
@@ -155,7 +155,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -228,7 +228,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -242,18 +242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1.projects.locations.replays.html b/docs/dyn/policysimulator_v1.projects.locations.replays.html
index 5aa4786..96a6eea 100644
--- a/docs/dyn/policysimulator_v1.projects.locations.replays.html
+++ b/docs/dyn/policysimulator_v1.projects.locations.replays.html
@@ -107,7 +107,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -207,7 +207,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -221,18 +221,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1.projects.locations.replays.results.html b/docs/dyn/policysimulator_v1.projects.locations.replays.results.html
index 909f781..5b90f47 100644
--- a/docs/dyn/policysimulator_v1.projects.locations.replays.results.html
+++ b/docs/dyn/policysimulator_v1.projects.locations.replays.results.html
@@ -155,7 +155,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -228,7 +228,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -242,18 +242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1beta1.folders.locations.replays.html b/docs/dyn/policysimulator_v1beta1.folders.locations.replays.html
index 4f0ba76..b0c90bb 100644
--- a/docs/dyn/policysimulator_v1beta1.folders.locations.replays.html
+++ b/docs/dyn/policysimulator_v1beta1.folders.locations.replays.html
@@ -107,7 +107,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -207,7 +207,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -221,18 +221,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1beta1.folders.locations.replays.results.html b/docs/dyn/policysimulator_v1beta1.folders.locations.replays.results.html
index da00c71..5173102 100644
--- a/docs/dyn/policysimulator_v1beta1.folders.locations.replays.results.html
+++ b/docs/dyn/policysimulator_v1beta1.folders.locations.replays.results.html
@@ -155,7 +155,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -228,7 +228,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -242,18 +242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.html b/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.html
index da30cca..f705a29 100644
--- a/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.html
+++ b/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.html
@@ -107,7 +107,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -207,7 +207,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -221,18 +221,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.results.html b/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.results.html
index b19bbeb..f17a14a 100644
--- a/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.results.html
+++ b/docs/dyn/policysimulator_v1beta1.organizations.locations.replays.results.html
@@ -155,7 +155,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -228,7 +228,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -242,18 +242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1beta1.projects.locations.replays.html b/docs/dyn/policysimulator_v1beta1.projects.locations.replays.html
index 02068c9..73f9a14 100644
--- a/docs/dyn/policysimulator_v1beta1.projects.locations.replays.html
+++ b/docs/dyn/policysimulator_v1beta1.projects.locations.replays.html
@@ -107,7 +107,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -121,18 +121,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -207,7 +207,7 @@
"config": { # The configuration used for a Replay. # Required. The configuration used for the `Replay`.
"logSource": "A String", # The logs to use as input for the Replay.
"policyOverlay": { # A mapping of the resources that you want to simulate policies for and the policies that you want to simulate. Keys are the full resource names for the resources. For example, `//cloudresourcemanager.googleapis.com/projects/my-project`. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names. Values are Policy objects representing the policies that you want to simulate. Replays automatically take into account any IAM policies inherited through the resource hierarchy, and any policies set on descendant resources. You do not need to include these policies in the policy overlay.
- "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ "a_key": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -221,18 +221,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/policysimulator_v1beta1.projects.locations.replays.results.html b/docs/dyn/policysimulator_v1beta1.projects.locations.replays.results.html
index ca93e9e..1023e7f 100644
--- a/docs/dyn/policysimulator_v1beta1.projects.locations.replays.results.html
+++ b/docs/dyn/policysimulator_v1beta1.projects.locations.replays.results.html
@@ -155,7 +155,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -228,7 +228,7 @@
},
],
"fullResourceName": "A String", # The full resource name that identifies the resource. For example, `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If the user who created the Replay does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # The IAM policy attached to the resource. If the user who created the Replay does not have access to the policy, this field is empty.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -242,18 +242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html b/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html
index ae9c1a9..6e5d537 100644
--- a/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html
+++ b/docs/dyn/privateca_v1.projects.locations.caPools.certificateAuthorities.certificateRevocationLists.html
@@ -155,7 +155,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -169,18 +169,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -321,7 +321,7 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -335,18 +335,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -363,7 +363,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -377,18 +377,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/privateca_v1.projects.locations.caPools.html b/docs/dyn/privateca_v1.projects.locations.caPools.html
index d94ecc2..35a4c17 100644
--- a/docs/dyn/privateca_v1.projects.locations.caPools.html
+++ b/docs/dyn/privateca_v1.projects.locations.caPools.html
@@ -475,7 +475,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -489,18 +489,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -813,7 +813,7 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -827,18 +827,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -855,7 +855,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -869,18 +869,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html b/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html
index b76438a..39ba33d 100644
--- a/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html
+++ b/docs/dyn/privateca_v1.projects.locations.certificateTemplates.html
@@ -390,7 +390,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -404,18 +404,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -688,7 +688,7 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -702,18 +702,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -730,7 +730,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -744,18 +744,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html
index d4543c5..ea2531e 100644
--- a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html
+++ b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.certificateRevocationLists.html
@@ -154,7 +154,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -168,18 +168,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -318,7 +318,7 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -332,18 +332,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -360,7 +360,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -374,18 +374,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html
index 29329dd..c5295d3 100644
--- a/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html
+++ b/docs/dyn/privateca_v1beta1.projects.locations.certificateAuthorities.html
@@ -1189,7 +1189,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -1203,18 +1203,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -2228,7 +2228,7 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -2242,18 +2242,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -2270,7 +2270,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -2284,18 +2284,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html b/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html
index 3dee277..5b390e1 100644
--- a/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html
+++ b/docs/dyn/privateca_v1beta1.projects.locations.reusableConfigs.html
@@ -196,7 +196,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -210,18 +210,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -345,7 +345,7 @@
The object takes the form of:
{ # Request message for `SetIamPolicy` method.
- "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
+ "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -359,18 +359,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
@@ -387,7 +387,7 @@
Returns:
An object of the form:
- { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
{ # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
"auditLogConfigs": [ # The configuration for logging of each type of permission.
@@ -401,18 +401,18 @@
"service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
},
],
- "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
- { # Associates `members` with a `role`.
- "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
+ { # Associates `members`, or principals, with a `role`.
+ "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
"description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language syntax.
"location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
},
- "members": [ # Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
+ "members": [ # Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
"A String",
],
- "role": "A String", # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+ "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
},
],
"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
diff --git a/docs/dyn/realtimebidding_v1.bidders.endpoints.html b/docs/dyn/realtimebidding_v1.bidders.endpoints.html
index bf576a1..0104038 100644
--- a/docs/dyn/realtimebidding_v1.bidders.endpoints.html
+++ b/docs/dyn/realtimebidding_v1.bidders.endpoints.html
@@ -86,6 +86,9 @@
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates a bidder's endpoint.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="close">close()</code>
@@ -159,4 +162,39 @@
</pre>
</div>
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates a bidder's endpoint.
+
+Args:
+ name: string, Output only. Name of the endpoint resource that must follow the pattern `bidders/{bidderAccountId}/endpoints/{endpointId}`, where {bidderAccountId} is the account ID of the bidder who operates this endpoint, and {endpointId} is a unique ID assigned by the server. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Bidder endpoint that receives bid requests.
+ "bidProtocol": "A String", # The protocol that the bidder endpoint is using.
+ "maximumQps": "A String", # The maximum number of queries per second allowed to be sent to this server.
+ "name": "A String", # Output only. Name of the endpoint resource that must follow the pattern `bidders/{bidderAccountId}/endpoints/{endpointId}`, where {bidderAccountId} is the account ID of the bidder who operates this endpoint, and {endpointId} is a unique ID assigned by the server.
+ "tradingLocation": "A String", # The trading location that bid requests should be sent from. See https://developers.google.com/authorized-buyers/rtb/peer-guide#trading-locations for further information.
+ "url": "A String", # Output only. The URL that bid requests should be sent to.
+}
+
+ updateMask: string, Field mask to use for partial in-place updates.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Bidder endpoint that receives bid requests.
+ "bidProtocol": "A String", # The protocol that the bidder endpoint is using.
+ "maximumQps": "A String", # The maximum number of queries per second allowed to be sent to this server.
+ "name": "A String", # Output only. Name of the endpoint resource that must follow the pattern `bidders/{bidderAccountId}/endpoints/{endpointId}`, where {bidderAccountId} is the account ID of the bidder who operates this endpoint, and {endpointId} is a unique ID assigned by the server.
+ "tradingLocation": "A String", # The trading location that bid requests should be sent from. See https://developers.google.com/authorized-buyers/rtb/peer-guide#trading-locations for further information.
+ "url": "A String", # Output only. The URL that bid requests should be sent to.
+}</pre>
+</div>
+
</body></html>
\ No newline at end of file
diff --git a/docs/dyn/retail_v2.projects.locations.catalogs.placements.html b/docs/dyn/retail_v2.projects.locations.catalogs.placements.html
index 3fb3e20..759cba4 100644
--- a/docs/dyn/retail_v2.projects.locations.catalogs.placements.html
+++ b/docs/dyn/retail_v2.projects.locations.catalogs.placements.html
@@ -384,6 +384,7 @@
"condition": "A String", # The condition under which query expansion should occur. Default to Condition.DISABLED.
"pinUnexpandedResults": True or False, # Whether to pin unexpanded results. If this field is set to true, unexpanded products are always at the top of the search results, followed by the expanded results.
},
+ "searchMode": "A String", # The search mode of the search request. If not specified, a single search request triggers both product search and faceted search.
"userInfo": { # Information of an end user. # User information.
"directUserRequest": True or False, # True if the request is made directly from the end user, in which case the ip_address and user_agent can be populated from the HTTP request. This flag should be set only if the API request is made directly from the end user such as a mobile app (and not if a gateway or a server is processing and pushing the user events). This should not be set when using the JavaScript tag in UserEventService.CollectUserEvent.
"ipAddress": "A String", # The end user's IP address. Required for getting SearchResponse.sponsored_results. This field is used to extract location information for personalization. This field must be either an IPv4 address (e.g. "104.133.9.80") or an IPv6 address (e.g. "2001:0db8:85a3:0000:0000:8a2e:0370:7334"). Otherwise, an INVALID_ARGUMENT error is returned. This should not be set when using the JavaScript tag in UserEventService.CollectUserEvent or if direct_user_request is set.
diff --git a/docs/dyn/retail_v2alpha.projects.locations.catalogs.placements.html b/docs/dyn/retail_v2alpha.projects.locations.catalogs.placements.html
index dfafb21..618a074 100644
--- a/docs/dyn/retail_v2alpha.projects.locations.catalogs.placements.html
+++ b/docs/dyn/retail_v2alpha.projects.locations.catalogs.placements.html
@@ -385,6 +385,7 @@
"pinUnexpandedResults": True or False, # Whether to pin unexpanded results. If this field is set to true, unexpanded products are always at the top of the search results, followed by the expanded results.
},
"relevanceThreshold": "A String", # The relevance threshold of the search results. Defaults to RelevanceThreshold.HIGH, which means only the most relevant results are shown, and the least number of results are returned. See more details at this [user guide](https://cloud.google.com/retail/docs/result-size#relevance_thresholding).
+ "searchMode": "A String", # The search mode of the search request. If not specified, a single search request triggers both product search and faceted search.
"userInfo": { # Information of an end user. # User information.
"directUserRequest": True or False, # True if the request is made directly from the end user, in which case the ip_address and user_agent can be populated from the HTTP request. This flag should be set only if the API request is made directly from the end user such as a mobile app (and not if a gateway or a server is processing and pushing the user events). This should not be set when using the JavaScript tag in UserEventService.CollectUserEvent.
"ipAddress": "A String", # The end user's IP address. Required for getting SearchResponse.sponsored_results. This field is used to extract location information for personalization. This field must be either an IPv4 address (e.g. "104.133.9.80") or an IPv6 address (e.g. "2001:0db8:85a3:0000:0000:8a2e:0370:7334"). Otherwise, an INVALID_ARGUMENT error is returned. This should not be set when using the JavaScript tag in UserEventService.CollectUserEvent or if direct_user_request is set.
diff --git a/docs/dyn/retail_v2beta.projects.locations.catalogs.placements.html b/docs/dyn/retail_v2beta.projects.locations.catalogs.placements.html
index 74c47cc..45fe3a2 100644
--- a/docs/dyn/retail_v2beta.projects.locations.catalogs.placements.html
+++ b/docs/dyn/retail_v2beta.projects.locations.catalogs.placements.html
@@ -384,6 +384,7 @@
"condition": "A String", # The condition under which query expansion should occur. Default to Condition.DISABLED.
"pinUnexpandedResults": True or False, # Whether to pin unexpanded results. If this field is set to true, unexpanded products are always at the top of the search results, followed by the expanded results.
},
+ "searchMode": "A String", # The search mode of the search request. If not specified, a single search request triggers both product search and faceted search.
"userInfo": { # Information of an end user. # User information.
"directUserRequest": True or False, # True if the request is made directly from the end user, in which case the ip_address and user_agent can be populated from the HTTP request. This flag should be set only if the API request is made directly from the end user such as a mobile app (and not if a gateway or a server is processing and pushing the user events). This should not be set when using the JavaScript tag in UserEventService.CollectUserEvent.
"ipAddress": "A String", # The end user's IP address. Required for getting SearchResponse.sponsored_results. This field is used to extract location information for personalization. This field must be either an IPv4 address (e.g. "104.133.9.80") or an IPv6 address (e.g. "2001:0db8:85a3:0000:0000:8a2e:0370:7334"). Otherwise, an INVALID_ARGUMENT error is returned. This should not be set when using the JavaScript tag in UserEventService.CollectUserEvent or if direct_user_request is set.
diff --git a/docs/dyn/slides_v1.presentations.html b/docs/dyn/slides_v1.presentations.html
index bee6c9e..1eaf511 100644
--- a/docs/dyn/slides_v1.presentations.html
+++ b/docs/dyn/slides_v1.presentations.html
@@ -777,7 +777,1014 @@
"isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
"layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
"masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
+ "notesPage": { # A page in a presentation. # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
+ "layoutProperties": { # The properties of Page are only relevant for pages with page_type LAYOUT. # Layout specific properties. Only set if page_type = LAYOUT.
+ "displayName": "A String", # The human-readable name of the layout.
+ "masterObjectId": "A String", # The object ID of the master that this layout is based on.
+ "name": "A String", # The name of the layout.
+ },
+ "masterProperties": { # The properties of Page that are only relevant for pages with page_type MASTER. # Master specific properties. Only set if page_type = MASTER.
+ "displayName": "A String", # The human-readable name of the master.
+ },
+ "notesProperties": { # The properties of Page that are only relevant for pages with page_type NOTES. # Notes specific properties. Only set if page_type = NOTES.
+ "speakerNotesObjectId": "A String", # The object ID of the shape on this notes page that contains the speaker notes for the corresponding slide. The actual shape may not always exist on the notes page. Inserting text using this object ID will automatically create the shape. In this case, the actual shape may have different object ID. The `GetPresentation` or `GetPage` action will always return the latest object ID.
+ },
+ "objectId": "A String", # The object ID for this page. Object IDs used by Page and PageElement share the same namespace.
+ "pageElements": [ # The page elements rendered on the page.
+ { # A visual element rendered on a page.
+ "description": "A String", # The description of the page element. Combined with title to display alt text. The field is not supported for Group elements.
+ "elementGroup": { # A PageElement kind representing a joined collection of PageElements. # A collection of page elements joined as a single unit.
+ "children": [ # The collection of elements in the group. The minimum size of a group is 2.
+ # Object with schema name: PageElement
+ ],
+ },
+ "image": { # A PageElement kind representing an image. # An image page element.
+ "contentUrl": "A String", # An URL to an image with a default lifetime of 30 minutes. This URL is tagged with the account of the requester. Anyone with the URL effectively accesses the image as the original requester. Access to the image may be lost if the presentation's sharing settings change.
+ "imageProperties": { # The properties of the Image. # The properties of the image.
+ "brightness": 3.14, # The brightness effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+ "contrast": 3.14, # The contrast effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+ "cropProperties": { # The crop properties of an object enclosed in a container. For example, an Image. The crop properties is represented by the offsets of four edges which define a crop rectangle. The offsets are measured in percentage from the corresponding edges of the object's original bounding rectangle towards inside, relative to the object's original dimensions. - If the offset is in the interval (0, 1), the corresponding edge of crop rectangle is positioned inside of the object's original bounding rectangle. - If the offset is negative or greater than 1, the corresponding edge of crop rectangle is positioned outside of the object's original bounding rectangle. - If the left edge of the crop rectangle is on the right side of its right edge, the object will be flipped horizontally. - If the top edge of the crop rectangle is below its bottom edge, the object will be flipped vertically. - If all offsets and rotation angle is 0, the object is not cropped. After cropping, the content in the crop rectangle will be stretched to fit its container. # The crop properties of the image. If not set, the image is not cropped. This property is read-only.
+ "angle": 3.14, # The rotation angle of the crop window around its center, in radians. Rotation angle is applied after the offset.
+ "bottomOffset": 3.14, # The offset specifies the bottom edge of the crop rectangle that is located above the original bounding rectangle bottom edge, relative to the object's original height.
+ "leftOffset": 3.14, # The offset specifies the left edge of the crop rectangle that is located to the right of the original bounding rectangle left edge, relative to the object's original width.
+ "rightOffset": 3.14, # The offset specifies the right edge of the crop rectangle that is located to the left of the original bounding rectangle right edge, relative to the object's original width.
+ "topOffset": 3.14, # The offset specifies the top edge of the crop rectangle that is located below the original bounding rectangle top edge, relative to the object's original height.
+ },
+ "link": { # A hypertext link. # The hyperlink destination of the image. If unset, there is no link.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the image. If not set, the image has no outline.
+ "dashStyle": "A String", # The dash style of the outline.
+ "outlineFill": { # The fill of the outline. # The fill of the outline.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ "recolor": { # A recolor effect applied on an image. # The recolor effect of the image. If not set, the image is not recolored. This property is read-only.
+ "name": "A String", # The name of the recolor effect. The name is determined from the `recolor_stops` by matching the gradient against the colors in the page's current color scheme. This property is read-only.
+ "recolorStops": [ # The recolor effect is represented by a gradient, which is a list of color stops. The colors in the gradient will replace the corresponding colors at the same position in the color palette and apply to the image. This property is read-only.
+ { # A color and position in a gradient band.
+ "alpha": 3.14, # The alpha value of this color in the gradient band. Defaults to 1.0, fully opaque.
+ "color": { # A themeable solid color value. # The color of the gradient stop.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ "position": 3.14, # The relative position of the color stop in the gradient band measured in percentage. The value should be in the interval [0.0, 1.0].
+ },
+ ],
+ },
+ "shadow": { # The shadow properties of a page element. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The shadow of the image. If not set, the image has no shadow. This property is read-only.
+ "alignment": "A String", # The alignment point of the shadow, that sets the origin for translate, scale and skew of the shadow. This property is read-only.
+ "alpha": 3.14, # The alpha of the shadow's color, from 0.0 to 1.0.
+ "blurRadius": { # A magnitude in a single direction in the specified units. # The radius of the shadow blur. The larger the radius, the more diffuse the shadow becomes.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "color": { # A themeable solid color value. # The shadow color value.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ "propertyState": "A String", # The shadow property state. Updating the shadow on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no shadow on a page element, set this field to `NOT_RENDERED`. In this case, any other shadow fields set in the same request will be ignored.
+ "rotateWithShape": True or False, # Whether the shadow should rotate with the shape. This property is read-only.
+ "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # Transform that encodes the translate, scale, and skew of the shadow, relative to the alignment position.
+ "scaleX": 3.14, # The X coordinate scaling element.
+ "scaleY": 3.14, # The Y coordinate scaling element.
+ "shearX": 3.14, # The X coordinate shearing element.
+ "shearY": 3.14, # The Y coordinate shearing element.
+ "translateX": 3.14, # The X coordinate translation element.
+ "translateY": 3.14, # The Y coordinate translation element.
+ "unit": "A String", # The units for translate elements.
+ },
+ "type": "A String", # The type of the shadow. This property is read-only.
+ },
+ "transparency": 3.14, # The transparency effect of the image. The value should be in the interval [0.0, 1.0], where 0 means no effect and 1 means completely transparent. This property is read-only.
+ },
+ "placeholder": { # The placeholder information that uniquely identifies a placeholder shape. # Placeholders are page elements that inherit from corresponding placeholders on layouts and masters. If set, the image is a placeholder image and any inherited properties can be resolved by looking at the parent placeholder identified by the Placeholder.parent_object_id field.
+ "index": 42, # The index of the placeholder. If the same placeholder types are present in the same page, they would have different index values.
+ "parentObjectId": "A String", # The object ID of this shape's parent placeholder. If unset, the parent placeholder shape does not exist, so the shape does not inherit properties from any other shape.
+ "type": "A String", # The type of the placeholder.
+ },
+ "sourceUrl": "A String", # The source URL is the URL used to insert the image. The source URL can be empty.
+ },
+ "line": { # A PageElement kind representing a non-connector line, straight connector, curved connector, or bent connector. # A line page element.
+ "lineCategory": "A String", # The category of the line. It matches the `category` specified in CreateLineRequest, and can be updated with UpdateLineCategoryRequest.
+ "lineProperties": { # The properties of the Line. When unset, these fields default to values that match the appearance of new lines created in the Slides editor. # The properties of the line.
+ "dashStyle": "A String", # The dash style of the line.
+ "endArrow": "A String", # The style of the arrow at the end of the line.
+ "endConnection": { # The properties for one end of a Line connection. # The connection at the end of the line. If unset, there is no connection. Only lines with a Type indicating it is a "connector" can have an `end_connection`.
+ "connectedObjectId": "A String", # The object ID of the connected page element. Some page elements, such as groups, tables, and lines do not have connection sites and therefore cannot be connected to a connector line.
+ "connectionSiteIndex": 42, # The index of the connection site on the connected page element. In most cases, it corresponds to the predefined connection site index from the ECMA-376 standard. More information on those connection sites can be found in the description of the "cnx" attribute in section 20.1.9.9 and Annex H. "Predefined DrawingML Shape and Text Geometries" of "Office Open XML File Formats-Fundamentals and Markup Language Reference", part 1 of [ECMA-376 5th edition] (http://www.ecma-international.org/publications/standards/Ecma-376.htm). The position of each connection site can also be viewed from Slides editor.
+ },
+ "lineFill": { # The fill of the line. # The fill of the line. The default line fill matches the defaults for new lines created in the Slides editor.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "link": { # A hypertext link. # The hyperlink destination of the line. If unset, there is no link.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "startArrow": "A String", # The style of the arrow at the beginning of the line.
+ "startConnection": { # The properties for one end of a Line connection. # The connection at the beginning of the line. If unset, there is no connection. Only lines with a Type indicating it is a "connector" can have a `start_connection`.
+ "connectedObjectId": "A String", # The object ID of the connected page element. Some page elements, such as groups, tables, and lines do not have connection sites and therefore cannot be connected to a connector line.
+ "connectionSiteIndex": 42, # The index of the connection site on the connected page element. In most cases, it corresponds to the predefined connection site index from the ECMA-376 standard. More information on those connection sites can be found in the description of the "cnx" attribute in section 20.1.9.9 and Annex H. "Predefined DrawingML Shape and Text Geometries" of "Office Open XML File Formats-Fundamentals and Markup Language Reference", part 1 of [ECMA-376 5th edition] (http://www.ecma-international.org/publications/standards/Ecma-376.htm). The position of each connection site can also be viewed from Slides editor.
+ },
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the line.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ "lineType": "A String", # The type of the line.
+ },
+ "objectId": "A String", # The object ID for this page element. Object IDs used by google.apps.slides.v1.Page and google.apps.slides.v1.PageElement share the same namespace.
+ "shape": { # A PageElement kind representing a generic shape that does not have a more specific classification. # A generic shape.
+ "placeholder": { # The placeholder information that uniquely identifies a placeholder shape. # Placeholders are page elements that inherit from corresponding placeholders on layouts and masters. If set, the shape is a placeholder shape and any inherited properties can be resolved by looking at the parent placeholder identified by the Placeholder.parent_object_id field.
+ "index": 42, # The index of the placeholder. If the same placeholder types are present in the same page, they would have different index values.
+ "parentObjectId": "A String", # The object ID of this shape's parent placeholder. If unset, the parent placeholder shape does not exist, so the shape does not inherit properties from any other shape.
+ "type": "A String", # The type of the placeholder.
+ },
+ "shapeProperties": { # The properties of a Shape. If the shape is a placeholder shape as determined by the placeholder field, then these properties may be inherited from a parent placeholder shape. Determining the rendered value of the property depends on the corresponding property_state field value. Any text autofit settings on the shape are automatically deactivated by requests that can impact how text fits in the shape. # The properties of the shape.
+ "autofit": { # The autofit properties of a Shape. # The autofit properties of the shape. This property is only set for shapes that allow text.
+ "autofitType": "A String", # The autofit type of the shape. If the autofit type is AUTOFIT_TYPE_UNSPECIFIED, the autofit type is inherited from a parent placeholder if it exists. The field is automatically set to NONE if a request is made that might affect text fitting within its bounding text box. In this case the font_scale is applied to the font_size and the line_spacing_reduction is applied to the line_spacing. Both properties are also reset to default values.
+ "fontScale": 3.14, # The font scale applied to the shape. For shapes with autofit_type NONE or SHAPE_AUTOFIT, this value is the default value of 1. For TEXT_AUTOFIT, this value multiplied by the font_size gives the font size that is rendered in the editor. This property is read-only.
+ "lineSpacingReduction": 3.14, # The line spacing reduction applied to the shape. For shapes with autofit_type NONE or SHAPE_AUTOFIT, this value is the default value of 0. For TEXT_AUTOFIT, this value subtracted from the line_spacing gives the line spacing that is rendered in the editor. This property is read-only.
+ },
+ "contentAlignment": "A String", # The alignment of the content in the shape. If unspecified, the alignment is inherited from a parent placeholder if it exists. If the shape has no parent, the default alignment matches the alignment for new shapes created in the Slides editor.
+ "link": { # A hypertext link. # The hyperlink destination of the shape. If unset, there is no link. Links are not inherited from parent placeholders.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the shape. If unset, the outline is inherited from a parent placeholder if it exists. If the shape has no parent, then the default outline depends on the shape type, matching the defaults for new shapes created in the Slides editor.
+ "dashStyle": "A String", # The dash style of the outline.
+ "outlineFill": { # The fill of the outline. # The fill of the outline.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ "shadow": { # The shadow properties of a page element. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The shadow properties of the shape. If unset, the shadow is inherited from a parent placeholder if it exists. If the shape has no parent, then the default shadow matches the defaults for new shapes created in the Slides editor. This property is read-only.
+ "alignment": "A String", # The alignment point of the shadow, that sets the origin for translate, scale and skew of the shadow. This property is read-only.
+ "alpha": 3.14, # The alpha of the shadow's color, from 0.0 to 1.0.
+ "blurRadius": { # A magnitude in a single direction in the specified units. # The radius of the shadow blur. The larger the radius, the more diffuse the shadow becomes.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "color": { # A themeable solid color value. # The shadow color value.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ "propertyState": "A String", # The shadow property state. Updating the shadow on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no shadow on a page element, set this field to `NOT_RENDERED`. In this case, any other shadow fields set in the same request will be ignored.
+ "rotateWithShape": True or False, # Whether the shadow should rotate with the shape. This property is read-only.
+ "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # Transform that encodes the translate, scale, and skew of the shadow, relative to the alignment position.
+ "scaleX": 3.14, # The X coordinate scaling element.
+ "scaleY": 3.14, # The Y coordinate scaling element.
+ "shearX": 3.14, # The X coordinate shearing element.
+ "shearY": 3.14, # The Y coordinate shearing element.
+ "translateX": 3.14, # The X coordinate translation element.
+ "translateY": 3.14, # The Y coordinate translation element.
+ "unit": "A String", # The units for translate elements.
+ },
+ "type": "A String", # The type of the shadow. This property is read-only.
+ },
+ "shapeBackgroundFill": { # The shape background fill. # The background fill of the shape. If unset, the background fill is inherited from a parent placeholder if it exists. If the shape has no parent, then the default background fill depends on the shape type, matching the defaults for new shapes created in the Slides editor.
+ "propertyState": "A String", # The background fill property state. Updating the fill on a shape will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no fill on a shape, set this field to `NOT_RENDERED`. In this case, any other fill fields set in the same request will be ignored.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ },
+ "shapeType": "A String", # The type of the shape.
+ "text": { # The general text content. The text must reside in a compatible shape (e.g. text box or rectangle) or a table cell in a page. # The text content of the shape.
+ "lists": { # The bulleted lists contained in this text, keyed by list ID.
+ "a_key": { # A List describes the look and feel of bullets belonging to paragraphs associated with a list. A paragraph that is part of a list has an implicit reference to that list's ID.
+ "listId": "A String", # The ID of the list.
+ "nestingLevel": { # A map of nesting levels to the properties of bullets at the associated level. A list has at most nine levels of nesting, so the possible values for the keys of this map are 0 through 8, inclusive.
+ "a_key": { # Contains properties describing the look and feel of a list bullet at a given level of nesting.
+ "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The style of a bullet at this level of nesting.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ },
+ },
+ },
+ },
+ "textElements": [ # The text contents broken down into its component parts, including styling information. This property is read-only.
+ { # A TextElement describes the content of a range of indices in the text content of a Shape or TableCell.
+ "autoText": { # A TextElement kind that represents auto text. # A TextElement representing a spot in the text that is dynamically replaced with content that can change over time.
+ "content": "A String", # The rendered content of this auto text, if available.
+ "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this auto text.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ "type": "A String", # The type of this auto text.
+ },
+ "endIndex": 42, # The zero-based end index of this text element, exclusive, in Unicode code units.
+ "paragraphMarker": { # A TextElement kind that represents the beginning of a new paragraph. # A marker representing the beginning of a new paragraph. The `start_index` and `end_index` of this TextElement represent the range of the paragraph. Other TextElements with an index range contained inside this paragraph's range are considered to be part of this paragraph. The range of indices of two separate paragraphs will never overlap.
+ "bullet": { # Describes the bullet of a paragraph. # The bullet for this paragraph. If not present, the paragraph does not belong to a list.
+ "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The paragraph specific text style applied to this bullet.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ "glyph": "A String", # The rendered bullet glyph for this paragraph.
+ "listId": "A String", # The ID of the list this paragraph belongs to.
+ "nestingLevel": 42, # The nesting level of this paragraph in the list.
+ },
+ "style": { # Styles that apply to a whole paragraph. If this text is contained in a shape with a parent placeholder, then these paragraph styles may be inherited from the parent. Which paragraph styles are inherited depend on the nesting level of lists: * A paragraph not in a list will inherit its paragraph style from the paragraph at the 0 nesting level of the list inside the parent placeholder. * A paragraph in a list will inherit its paragraph style from the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited paragraph styles are represented as unset fields in this message. # The paragraph's style
+ "alignment": "A String", # The text alignment for this paragraph.
+ "direction": "A String", # The text direction of this paragraph. If unset, the value defaults to LEFT_TO_RIGHT since text direction is not inherited.
+ "indentEnd": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the end of the text, based on the current text direction. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "indentFirstLine": { # A magnitude in a single direction in the specified units. # The amount of indentation for the start of the first line of the paragraph. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "indentStart": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the start of the text, based on the current text direction. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "lineSpacing": 3.14, # The amount of space between lines, as a percentage of normal, where normal is represented as 100.0. If unset, the value is inherited from the parent.
+ "spaceAbove": { # A magnitude in a single direction in the specified units. # The amount of extra space above the paragraph. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "spaceBelow": { # A magnitude in a single direction in the specified units. # The amount of extra space below the paragraph. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "spacingMode": "A String", # The spacing mode for the paragraph.
+ },
+ },
+ "startIndex": 42, # The zero-based start index of this text element, in Unicode code units.
+ "textRun": { # A TextElement kind that represents a run of text that all has the same styling. # A TextElement representing a run of text where all of the characters in the run have the same TextStyle. The `start_index` and `end_index` of TextRuns will always be fully contained in the index range of a single `paragraph_marker` TextElement. In other words, a TextRun will never span multiple paragraphs.
+ "content": "A String", # The text of this run.
+ "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this run.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ "sheetsChart": { # A PageElement kind representing a linked chart embedded from Google Sheets. # A linked chart embedded from Google Sheets. Unlinked charts are represented as images.
+ "chartId": 42, # The ID of the specific chart in the Google Sheets spreadsheet that is embedded.
+ "contentUrl": "A String", # The URL of an image of the embedded chart, with a default lifetime of 30 minutes. This URL is tagged with the account of the requester. Anyone with the URL effectively accesses the image as the original requester. Access to the image may be lost if the presentation's sharing settings change.
+ "sheetsChartProperties": { # The properties of the SheetsChart. # The properties of the Sheets chart.
+ "chartImageProperties": { # The properties of the Image. # The properties of the embedded chart image.
+ "brightness": 3.14, # The brightness effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+ "contrast": 3.14, # The contrast effect of the image. The value should be in the interval [-1.0, 1.0], where 0 means no effect. This property is read-only.
+ "cropProperties": { # The crop properties of an object enclosed in a container. For example, an Image. The crop properties is represented by the offsets of four edges which define a crop rectangle. The offsets are measured in percentage from the corresponding edges of the object's original bounding rectangle towards inside, relative to the object's original dimensions. - If the offset is in the interval (0, 1), the corresponding edge of crop rectangle is positioned inside of the object's original bounding rectangle. - If the offset is negative or greater than 1, the corresponding edge of crop rectangle is positioned outside of the object's original bounding rectangle. - If the left edge of the crop rectangle is on the right side of its right edge, the object will be flipped horizontally. - If the top edge of the crop rectangle is below its bottom edge, the object will be flipped vertically. - If all offsets and rotation angle is 0, the object is not cropped. After cropping, the content in the crop rectangle will be stretched to fit its container. # The crop properties of the image. If not set, the image is not cropped. This property is read-only.
+ "angle": 3.14, # The rotation angle of the crop window around its center, in radians. Rotation angle is applied after the offset.
+ "bottomOffset": 3.14, # The offset specifies the bottom edge of the crop rectangle that is located above the original bounding rectangle bottom edge, relative to the object's original height.
+ "leftOffset": 3.14, # The offset specifies the left edge of the crop rectangle that is located to the right of the original bounding rectangle left edge, relative to the object's original width.
+ "rightOffset": 3.14, # The offset specifies the right edge of the crop rectangle that is located to the left of the original bounding rectangle right edge, relative to the object's original width.
+ "topOffset": 3.14, # The offset specifies the top edge of the crop rectangle that is located below the original bounding rectangle top edge, relative to the object's original height.
+ },
+ "link": { # A hypertext link. # The hyperlink destination of the image. If unset, there is no link.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the image. If not set, the image has no outline.
+ "dashStyle": "A String", # The dash style of the outline.
+ "outlineFill": { # The fill of the outline. # The fill of the outline.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ "recolor": { # A recolor effect applied on an image. # The recolor effect of the image. If not set, the image is not recolored. This property is read-only.
+ "name": "A String", # The name of the recolor effect. The name is determined from the `recolor_stops` by matching the gradient against the colors in the page's current color scheme. This property is read-only.
+ "recolorStops": [ # The recolor effect is represented by a gradient, which is a list of color stops. The colors in the gradient will replace the corresponding colors at the same position in the color palette and apply to the image. This property is read-only.
+ { # A color and position in a gradient band.
+ "alpha": 3.14, # The alpha value of this color in the gradient band. Defaults to 1.0, fully opaque.
+ "color": { # A themeable solid color value. # The color of the gradient stop.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ "position": 3.14, # The relative position of the color stop in the gradient band measured in percentage. The value should be in the interval [0.0, 1.0].
+ },
+ ],
+ },
+ "shadow": { # The shadow properties of a page element. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The shadow of the image. If not set, the image has no shadow. This property is read-only.
+ "alignment": "A String", # The alignment point of the shadow, that sets the origin for translate, scale and skew of the shadow. This property is read-only.
+ "alpha": 3.14, # The alpha of the shadow's color, from 0.0 to 1.0.
+ "blurRadius": { # A magnitude in a single direction in the specified units. # The radius of the shadow blur. The larger the radius, the more diffuse the shadow becomes.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "color": { # A themeable solid color value. # The shadow color value.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ "propertyState": "A String", # The shadow property state. Updating the shadow on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no shadow on a page element, set this field to `NOT_RENDERED`. In this case, any other shadow fields set in the same request will be ignored.
+ "rotateWithShape": True or False, # Whether the shadow should rotate with the shape. This property is read-only.
+ "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # Transform that encodes the translate, scale, and skew of the shadow, relative to the alignment position.
+ "scaleX": 3.14, # The X coordinate scaling element.
+ "scaleY": 3.14, # The Y coordinate scaling element.
+ "shearX": 3.14, # The X coordinate shearing element.
+ "shearY": 3.14, # The Y coordinate shearing element.
+ "translateX": 3.14, # The X coordinate translation element.
+ "translateY": 3.14, # The Y coordinate translation element.
+ "unit": "A String", # The units for translate elements.
+ },
+ "type": "A String", # The type of the shadow. This property is read-only.
+ },
+ "transparency": 3.14, # The transparency effect of the image. The value should be in the interval [0.0, 1.0], where 0 means no effect and 1 means completely transparent. This property is read-only.
+ },
+ },
+ "spreadsheetId": "A String", # The ID of the Google Sheets spreadsheet that contains the source chart.
+ },
+ "size": { # A width and height. # The size of the page element.
+ "height": { # A magnitude in a single direction in the specified units. # The height of the object.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "width": { # A magnitude in a single direction in the specified units. # The width of the object.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ "table": { # A PageElement kind representing a table. # A table page element.
+ "columns": 42, # Number of columns in the table.
+ "horizontalBorderRows": [ # Properties of horizontal cell borders. A table's horizontal cell borders are represented as a grid. The grid has one more row than the number of rows in the table and the same number of columns as the table. For example, if the table is 3 x 3, its horizontal borders will be represented as a grid with 4 rows and 3 columns.
+ { # Contents of each border row in a table.
+ "tableBorderCells": [ # Properties of each border cell. When a border's adjacent table cells are merged, it is not included in the response.
+ { # The properties of each border cell.
+ "location": { # A location of a single table cell within a table. # The location of the border within the border table.
+ "columnIndex": 42, # The 0-based column index.
+ "rowIndex": 42, # The 0-based row index.
+ },
+ "tableBorderProperties": { # The border styling properties of the TableBorderCell. # The border properties.
+ "dashStyle": "A String", # The dash style of the border.
+ "tableBorderFill": { # The fill of the border. # The fill of the table border.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the border.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ },
+ ],
+ },
+ ],
+ "rows": 42, # Number of rows in the table.
+ "tableColumns": [ # Properties of each column.
+ { # Properties of each column in a table.
+ "columnWidth": { # A magnitude in a single direction in the specified units. # Width of a column.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ ],
+ "tableRows": [ # Properties and contents of each row. Cells that span multiple rows are contained in only one of these rows and have a row_span greater than 1.
+ { # Properties and contents of each row in a table.
+ "rowHeight": { # A magnitude in a single direction in the specified units. # Height of a row.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "tableCells": [ # Properties and contents of each cell. Cells that span multiple columns are represented only once with a column_span greater than 1. As a result, the length of this collection does not always match the number of columns of the entire table.
+ { # Properties and contents of each table cell.
+ "columnSpan": 42, # Column span of the cell.
+ "location": { # A location of a single table cell within a table. # The location of the cell within the table.
+ "columnIndex": 42, # The 0-based column index.
+ "rowIndex": 42, # The 0-based row index.
+ },
+ "rowSpan": 42, # Row span of the cell.
+ "tableCellProperties": { # The properties of the TableCell. # The properties of the table cell.
+ "contentAlignment": "A String", # The alignment of the content in the table cell. The default alignment matches the alignment for newly created table cells in the Slides editor.
+ "tableCellBackgroundFill": { # The table cell background fill. # The background fill of the table cell. The default fill matches the fill for newly created table cells in the Slides editor.
+ "propertyState": "A String", # The background fill property state. Updating the fill on a table cell will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no fill on a table cell, set this field to `NOT_RENDERED`. In this case, any other fill fields set in the same request will be ignored.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ },
+ "text": { # The general text content. The text must reside in a compatible shape (e.g. text box or rectangle) or a table cell in a page. # The text content of the cell.
+ "lists": { # The bulleted lists contained in this text, keyed by list ID.
+ "a_key": { # A List describes the look and feel of bullets belonging to paragraphs associated with a list. A paragraph that is part of a list has an implicit reference to that list's ID.
+ "listId": "A String", # The ID of the list.
+ "nestingLevel": { # A map of nesting levels to the properties of bullets at the associated level. A list has at most nine levels of nesting, so the possible values for the keys of this map are 0 through 8, inclusive.
+ "a_key": { # Contains properties describing the look and feel of a list bullet at a given level of nesting.
+ "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The style of a bullet at this level of nesting.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ },
+ },
+ },
+ },
+ "textElements": [ # The text contents broken down into its component parts, including styling information. This property is read-only.
+ { # A TextElement describes the content of a range of indices in the text content of a Shape or TableCell.
+ "autoText": { # A TextElement kind that represents auto text. # A TextElement representing a spot in the text that is dynamically replaced with content that can change over time.
+ "content": "A String", # The rendered content of this auto text, if available.
+ "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this auto text.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ "type": "A String", # The type of this auto text.
+ },
+ "endIndex": 42, # The zero-based end index of this text element, exclusive, in Unicode code units.
+ "paragraphMarker": { # A TextElement kind that represents the beginning of a new paragraph. # A marker representing the beginning of a new paragraph. The `start_index` and `end_index` of this TextElement represent the range of the paragraph. Other TextElements with an index range contained inside this paragraph's range are considered to be part of this paragraph. The range of indices of two separate paragraphs will never overlap.
+ "bullet": { # Describes the bullet of a paragraph. # The bullet for this paragraph. If not present, the paragraph does not belong to a list.
+ "bulletStyle": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The paragraph specific text style applied to this bullet.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ "glyph": "A String", # The rendered bullet glyph for this paragraph.
+ "listId": "A String", # The ID of the list this paragraph belongs to.
+ "nestingLevel": 42, # The nesting level of this paragraph in the list.
+ },
+ "style": { # Styles that apply to a whole paragraph. If this text is contained in a shape with a parent placeholder, then these paragraph styles may be inherited from the parent. Which paragraph styles are inherited depend on the nesting level of lists: * A paragraph not in a list will inherit its paragraph style from the paragraph at the 0 nesting level of the list inside the parent placeholder. * A paragraph in a list will inherit its paragraph style from the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited paragraph styles are represented as unset fields in this message. # The paragraph's style
+ "alignment": "A String", # The text alignment for this paragraph.
+ "direction": "A String", # The text direction of this paragraph. If unset, the value defaults to LEFT_TO_RIGHT since text direction is not inherited.
+ "indentEnd": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the end of the text, based on the current text direction. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "indentFirstLine": { # A magnitude in a single direction in the specified units. # The amount of indentation for the start of the first line of the paragraph. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "indentStart": { # A magnitude in a single direction in the specified units. # The amount indentation for the paragraph on the side that corresponds to the start of the text, based on the current text direction. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "lineSpacing": 3.14, # The amount of space between lines, as a percentage of normal, where normal is represented as 100.0. If unset, the value is inherited from the parent.
+ "spaceAbove": { # A magnitude in a single direction in the specified units. # The amount of extra space above the paragraph. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "spaceBelow": { # A magnitude in a single direction in the specified units. # The amount of extra space below the paragraph. If unset, the value is inherited from the parent.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "spacingMode": "A String", # The spacing mode for the paragraph.
+ },
+ },
+ "startIndex": 42, # The zero-based start index of this text element, in Unicode code units.
+ "textRun": { # A TextElement kind that represents a run of text that all has the same styling. # A TextElement representing a run of text where all of the characters in the run have the same TextStyle. The `start_index` and `end_index` of TextRuns will always be fully contained in the index range of a single `paragraph_marker` TextElement. In other words, a TextRun will never span multiple paragraphs.
+ "content": "A String", # The text of this run.
+ "style": { # Represents the styling that can be applied to a TextRun. If this text is contained in a shape with a parent placeholder, then these text styles may be inherited from the parent. Which text styles are inherited depend on the nesting level of lists: * A text run in a paragraph that is not in a list will inherit its text style from the the newline character in the paragraph at the 0 nesting level of the list inside the parent placeholder. * A text run in a paragraph that is in a list will inherit its text style from the newline character in the paragraph at its corresponding nesting level of the list inside the parent placeholder. Inherited text styles are represented as unset fields in this message. If text is contained in a shape without a parent placeholder, unsetting these fields will revert the style to a value matching the defaults in the Slides editor. # The styling applied to this run.
+ "backgroundColor": { # A color that can either be fully opaque or fully transparent. # The background color of the text. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "baselineOffset": "A String", # The text's vertical offset from its normal position. Text with `SUPERSCRIPT` or `SUBSCRIPT` baseline offsets is automatically rendered in a smaller font size, computed based on the `font_size` field. The `font_size` itself is not affected by changes in this field.
+ "bold": True or False, # Whether or not the text is rendered as bold.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`. Some fonts can affect the weight of the text. If an update request specifies values for both `font_family` and `bold`, the explicitly-set `bold` value is used.
+ "fontSize": { # A magnitude in a single direction in the specified units. # The size of the text's font. When read, the `font_size` will specified in points.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "foregroundColor": { # A color that can either be fully opaque or fully transparent. # The color of the text itself. If set, the color is either opaque or transparent, depending on if the `opaque_color` field in it is set.
+ "opaqueColor": { # A themeable solid color value. # If set, this will be used as an opaque color. If unset, this represents a transparent color.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "italic": True or False, # Whether or not the text is italicized.
+ "link": { # A hypertext link. # The hyperlink destination of the text. If unset, there is no link. Links are not inherited from parent text. Changing the link in an update request causes some other changes to the text style of the range: * When setting a link, the text foreground color will be set to ThemeColorType.HYPERLINK and the text will be underlined. If these fields are modified in the same request, those values will be used instead of the link defaults. * Setting a link on a text range that overlaps with an existing link will also update the existing link to point to the new URL. * Links are not settable on newline characters. As a result, setting a link on a text range that crosses a paragraph boundary, such as `"ABC\n123"`, will separate the newline character(s) into their own text runs. The link will be applied separately to the runs before and after the newline. * Removing a link will update the text style of the range to match the style of the preceding text (or the default text styles if the preceding text is another link) unless different styles are being set in the same request.
+ "pageObjectId": "A String", # If set, indicates this is a link to the specific page in this presentation with this ID. A page with this ID may not exist.
+ "relativeLink": "A String", # If set, indicates this is a link to a slide in this presentation, addressed by its position.
+ "slideIndex": 42, # If set, indicates this is a link to the slide at this zero-based index in the presentation. There may not be a slide at this index.
+ "url": "A String", # If set, indicates this is a link to the external web page at this URL.
+ },
+ "smallCaps": True or False, # Whether or not the text is in small capital letters.
+ "strikethrough": True or False, # Whether or not the text is struck through.
+ "underline": True or False, # Whether or not the text is underlined.
+ "weightedFontFamily": { # Represents a font family and weight used to style a TextRun. # The font family and rendered weight of the text. This field is an extension of `font_family` meant to support explicit font weights without breaking backwards compatibility. As such, when reading the style of a range of text, the value of `weighted_font_family#font_family` will always be equal to that of `font_family`. However, when writing, if both fields are included in the field mask (either explicitly or through the wildcard `"*"`), their values are reconciled as follows: * If `font_family` is set and `weighted_font_family` is not, the value of `font_family` is applied with weight `400` ("normal"). * If both fields are set, the value of `font_family` must match that of `weighted_font_family#font_family`. If so, the font family and weight of `weighted_font_family` is applied. Otherwise, a 400 bad request error is returned. * If `weighted_font_family` is set and `font_family` is not, the font family and weight of `weighted_font_family` is applied. * If neither field is set, the font family and weight of the text inherit from the parent. Note that these properties cannot inherit separately from each other. If an update request specifies values for both `weighted_font_family` and `bold`, the `weighted_font_family` is applied first, then `bold`. If `weighted_font_family#weight` is not set, it defaults to `400`. If `weighted_font_family` is set, then `weighted_font_family#font_family` must also be set with a non-empty value. Otherwise, a 400 bad request error is returned.
+ "fontFamily": "A String", # The font family of the text. The font family can be any font from the Font menu in Slides or from [Google Fonts] (https://fonts.google.com/). If the font name is unrecognized, the text is rendered in `Arial`.
+ "weight": 42, # The rendered weight of the text. This field can have any value that is a multiple of `100` between `100` and `900`, inclusive. This range corresponds to the numerical values described in the CSS 2.1 Specification, [section 15.6](https://www.w3.org/TR/CSS21/fonts.html#font-boldness), with non-numerical values disallowed. Weights greater than or equal to `700` are considered bold, and weights less than `700`are not bold. The default value is `400` ("normal").
+ },
+ },
+ },
+ },
+ ],
+ },
+ },
+ ],
+ "tableRowProperties": { # Properties of each row in a table. # Properties of the row.
+ "minRowHeight": { # A magnitude in a single direction in the specified units. # Minimum height of the row. The row will be rendered in the Slides editor at a height equal to or greater than this value in order to show all the text in the row's cell(s).
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ },
+ ],
+ "verticalBorderRows": [ # Properties of vertical cell borders. A table's vertical cell borders are represented as a grid. The grid has the same number of rows as the table and one more column than the number of columns in the table. For example, if the table is 3 x 3, its vertical borders will be represented as a grid with 3 rows and 4 columns.
+ { # Contents of each border row in a table.
+ "tableBorderCells": [ # Properties of each border cell. When a border's adjacent table cells are merged, it is not included in the response.
+ { # The properties of each border cell.
+ "location": { # A location of a single table cell within a table. # The location of the border within the border table.
+ "columnIndex": 42, # The 0-based column index.
+ "rowIndex": 42, # The 0-based row index.
+ },
+ "tableBorderProperties": { # The border styling properties of the TableBorderCell. # The border properties.
+ "dashStyle": "A String", # The dash style of the border.
+ "tableBorderFill": { # The fill of the border. # The fill of the table border.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the border.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ },
+ ],
+ },
+ ],
+ },
+ "title": "A String", # The title of the page element. Combined with description to display alt text. The field is not supported for Group elements.
+ "transform": { # AffineTransform uses a 3x3 matrix with an implied last row of [ 0 0 1 ] to transform source coordinates (x,y) into destination coordinates (x', y') according to: x' x = shear_y scale_y translate_y 1 [ 1 ] After transformation, x' = scale_x * x + shear_x * y + translate_x; y' = scale_y * y + shear_y * x + translate_y; This message is therefore composed of these six matrix elements. # The transform of the page element. The visual appearance of the page element is determined by its absolute transform. To compute the absolute transform, preconcatenate a page element's transform with the transforms of all of its parent groups. If the page element is not in a group, its absolute transform is the same as the value in this field. The initial transform for the newly created Group is always the identity transform.
+ "scaleX": 3.14, # The X coordinate scaling element.
+ "scaleY": 3.14, # The Y coordinate scaling element.
+ "shearX": 3.14, # The X coordinate shearing element.
+ "shearY": 3.14, # The Y coordinate shearing element.
+ "translateX": 3.14, # The X coordinate translation element.
+ "translateY": 3.14, # The Y coordinate translation element.
+ "unit": "A String", # The units for translate elements.
+ },
+ "video": { # A PageElement kind representing a video. # A video page element.
+ "id": "A String", # The video source's unique identifier for this video.
+ "source": "A String", # The video source.
+ "url": "A String", # An URL to a video. The URL is valid as long as the source video exists and sharing settings do not change.
+ "videoProperties": { # The properties of the Video. # The properties of the video.
+ "autoPlay": True or False, # Whether to enable video autoplay when the page is displayed in present mode. Defaults to false.
+ "end": 42, # The time at which to end playback, measured in seconds from the beginning of the video. If set, the end time should be after the start time. If not set or if you set this to a value that exceeds the video's length, the video will be played until its end.
+ "mute": True or False, # Whether to mute the audio during video playback. Defaults to false.
+ "outline": { # The outline of a PageElement. If these fields are unset, they may be inherited from a parent placeholder if it exists. If there is no parent, the fields will default to the value used for new page elements created in the Slides editor, which may depend on the page element kind. # The outline of the video. The default outline matches the defaults for new videos created in the Slides editor.
+ "dashStyle": "A String", # The dash style of the outline.
+ "outlineFill": { # The fill of the outline. # The fill of the outline.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ },
+ "propertyState": "A String", # The outline property state. Updating the outline on a page element will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no outline on a page element, set this field to `NOT_RENDERED`. In this case, any other outline fields set in the same request will be ignored.
+ "weight": { # A magnitude in a single direction in the specified units. # The thickness of the outline.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ "start": 42, # The time at which to start playback, measured in seconds from the beginning of the video. If set, the start time should be before the end time. If you set this to a value that exceeds the video's length in seconds, the video will be played from the last second. If not set, the video will be played from the beginning.
+ },
+ },
+ "wordArt": { # A PageElement kind representing word art. # A word art page element.
+ "renderedText": "A String", # The text rendered as word art.
+ },
+ },
+ ],
+ "pageProperties": { # The properties of the Page. The page will inherit properties from the parent page. Depending on the page type the hierarchy is defined in either SlideProperties or LayoutProperties. # The properties of the page.
+ "colorScheme": { # The palette of predefined colors for a page. # The color scheme of the page. If unset, the color scheme is inherited from a parent page. If the page has no parent, the color scheme uses a default Slides color scheme, matching the defaults in the Slides editor. Only the concrete colors of the first 12 ThemeColorTypes are editable. In addition, only the color scheme on `Master` pages can be updated. To update the field, a color scheme containing mappings from all the first 12 ThemeColorTypes to their concrete colors must be provided. Colors for the remaining ThemeColorTypes will be ignored.
+ "colors": [ # The ThemeColorType and corresponding concrete color pairs.
+ { # A pair mapping a theme color type to the concrete color it represents.
+ "color": { # An RGB color. # The concrete color corresponding to the theme color type above.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "type": "A String", # The type of the theme color.
+ },
+ ],
+ },
+ "pageBackgroundFill": { # The page background fill. # The background fill of the page. If unset, the background fill is inherited from a parent page if it exists. If the page has no parent, then the background fill defaults to the corresponding fill in the Slides editor.
+ "propertyState": "A String", # The background fill property state. Updating the fill on a page will implicitly update this field to `RENDERED`, unless another value is specified in the same request. To have no fill on a page, set this field to `NOT_RENDERED`. In this case, any other fill fields set in the same request will be ignored.
+ "solidFill": { # A solid color fill. The page or page element is filled entirely with the specified color value. If any field is unset, its value may be inherited from a parent placeholder if it exists. # Solid color fill.
+ "alpha": 3.14, # The fraction of this `color` that should be applied to the pixel. That is, the final pixel color is defined by the equation: pixel color = alpha * (color) + (1.0 - alpha) * (background color) This means that a value of 1.0 corresponds to a solid color, whereas a value of 0.0 corresponds to a completely transparent color.
+ "color": { # A themeable solid color value. # The color value of the solid fill.
+ "rgbColor": { # An RGB color. # An opaque RGB color.
+ "blue": 3.14, # The blue component of the color, from 0.0 to 1.0.
+ "green": 3.14, # The green component of the color, from 0.0 to 1.0.
+ "red": 3.14, # The red component of the color, from 0.0 to 1.0.
+ },
+ "themeColor": "A String", # An opaque theme color.
+ },
+ },
+ "stretchedPictureFill": { # The stretched picture fill. The page or page element is filled entirely with the specified picture. The picture is stretched to fit its container. # Stretched picture fill.
+ "contentUrl": "A String", # Reading the content_url: An URL to a picture with a default lifetime of 30 minutes. This URL is tagged with the account of the requester. Anyone with the URL effectively accesses the picture as the original requester. Access to the picture may be lost if the presentation's sharing settings change. Writing the content_url: The picture is fetched once at insertion time and a copy is stored for display inside the presentation. Pictures must be less than 50MB in size, cannot exceed 25 megapixels, and must be in one of PNG, JPEG, or GIF format. The provided URL can be at most 2 kB in length.
+ "size": { # A width and height. # The original size of the picture fill. This field is read-only.
+ "height": { # A magnitude in a single direction in the specified units. # The height of the object.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ "width": { # A magnitude in a single direction in the specified units. # The width of the object.
+ "magnitude": 3.14, # The magnitude.
+ "unit": "A String", # The units for magnitude.
+ },
+ },
+ },
+ },
+ },
+ "pageType": "A String", # The type of the page.
+ "revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
+ },
},
},
"updateSlidesPosition": { # Updates the position of slides in the presentation. # Updates the position of a set of slides in the presentation.
@@ -2045,12 +3052,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"locale": "A String", # The locale of the presentation, as an IETF BCP 47 language tag.
@@ -3061,12 +4063,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"notesMaster": { # A page in a presentation. # The notes master in the presentation. It serves three purposes: - Placeholder shapes on a notes master contain the default text styles and shape properties of all placeholder shapes on notes pages. Specifically, a `SLIDE_IMAGE` placeholder shape contains the slide thumbnail, and a `BODY` placeholder shape contains the speaker notes. - The notes master page properties define the common page properties inherited by all notes pages. - Any other shapes on the notes master appear on all notes pages. The notes master is read-only.
@@ -4075,12 +5072,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
"pageSize": { # A width and height. # The size of pages in the presentation.
"height": { # A magnitude in a single direction in the specified units. # The height of the object.
@@ -5101,12 +6093,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"title": "A String", # The title of the presentation.
@@ -6128,12 +7115,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"locale": "A String", # The locale of the presentation, as an IETF BCP 47 language tag.
@@ -7144,12 +8126,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"notesMaster": { # A page in a presentation. # The notes master in the presentation. It serves three purposes: - Placeholder shapes on a notes master contain the default text styles and shape properties of all placeholder shapes on notes pages. Specifically, a `SLIDE_IMAGE` placeholder shape contains the slide thumbnail, and a `BODY` placeholder shape contains the speaker notes. - The notes master page properties define the common page properties inherited by all notes pages. - Any other shapes on the notes master appear on all notes pages. The notes master is read-only.
@@ -8158,12 +9135,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
"pageSize": { # A width and height. # The size of pages in the presentation.
"height": { # A magnitude in a single direction in the specified units. # The height of the object.
@@ -9184,12 +10156,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"title": "A String", # The title of the presentation.
@@ -10218,12 +11185,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"locale": "A String", # The locale of the presentation, as an IETF BCP 47 language tag.
@@ -11234,12 +12196,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"notesMaster": { # A page in a presentation. # The notes master in the presentation. It serves three purposes: - Placeholder shapes on a notes master contain the default text styles and shape properties of all placeholder shapes on notes pages. Specifically, a `SLIDE_IMAGE` placeholder shape contains the slide thumbnail, and a `BODY` placeholder shape contains the speaker notes. - The notes master page properties define the common page properties inherited by all notes pages. - Any other shapes on the notes master appear on all notes pages. The notes master is read-only.
@@ -12248,12 +13205,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
"pageSize": { # A width and height. # The size of pages in the presentation.
"height": { # A magnitude in a single direction in the specified units. # The height of the object.
@@ -13274,12 +14226,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
},
],
"title": "A String", # The title of the presentation.
diff --git a/docs/dyn/slides_v1.presentations.pages.html b/docs/dyn/slides_v1.presentations.pages.html
index aab9b5e..68f1bda 100644
--- a/docs/dyn/slides_v1.presentations.pages.html
+++ b/docs/dyn/slides_v1.presentations.pages.html
@@ -1110,12 +1110,7 @@
},
"pageType": "A String", # The type of the page.
"revisionId": "A String", # The revision ID of the presentation containing this page. Can be used in update requests to assert that the presentation revision hasn't changed since the last read operation. Only populated if the user has edit access to the presentation. The format of the revision ID may change over time, so it should be treated opaquely. A returned revision ID is only guaranteed to be valid for 24 hours after it has been returned and cannot be shared across users. If the revision ID is unchanged between calls, then the presentation has not changed. Conversely, a changed ID (for the same presentation and user) usually means the presentation has been updated; however, a changed ID can also be due to internal factors such as ID format changes.
- "slideProperties": { # The properties of Page that are only relevant for pages with page_type SLIDE. # Slide specific properties. Only set if page_type = SLIDE.
- "isSkipped": True or False, # Whether the slide is skipped in the presentation mode. Defaults to false.
- "layoutObjectId": "A String", # The object ID of the layout that this slide is based on. This property is read-only.
- "masterObjectId": "A String", # The object ID of the master that this slide is based on. This property is read-only.
- "notesPage": # Object with schema name: Page # The notes page that this slide is associated with. It defines the visual appearance of a notes page when printing or exporting slides with speaker notes. A notes page inherits properties from the notes master. The placeholder shape with type BODY on the notes page contains the speaker notes for this slide. The ID of this shape is identified by the speakerNotesObjectId field. The notes page is read-only except for the text content and styles of the speaker notes shape. This property is read-only.
- },
+ "slideProperties": # Object with schema name: SlideProperties # Slide specific properties. Only set if page_type = SLIDE.
}</pre>
</div>
diff --git a/docs/dyn/versionhistory_v1.html b/docs/dyn/versionhistory_v1.html
new file mode 100644
index 0000000..ac8acab
--- /dev/null
+++ b/docs/dyn/versionhistory_v1.html
@@ -0,0 +1,111 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="versionhistory_v1.html">Version History API</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="versionhistory_v1.platforms.html">platforms()</a></code>
+</p>
+<p class="firstline">Returns the platforms Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#new_batch_http_request">new_batch_http_request()</a></code></p>
+<p class="firstline">Create a BatchHttpRequest object based on the discovery document.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="new_batch_http_request">new_batch_http_request()</code>
+ <pre>Create a BatchHttpRequest object based on the discovery document.
+
+ Args:
+ callback: callable, A callback to be called for each response, of the
+ form callback(id, response, exception). The first parameter is the
+ request id, and the second is the deserialized response object. The
+ third is an apiclient.errors.HttpError exception object if an HTTP
+ error occurred while processing the request, or None if no error
+ occurred.
+
+ Returns:
+ A BatchHttpRequest object based on the discovery document.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/versionhistory_v1.platforms.channels.html b/docs/dyn/versionhistory_v1.platforms.channels.html
new file mode 100644
index 0000000..ecaebb6
--- /dev/null
+++ b/docs/dyn/versionhistory_v1.platforms.channels.html
@@ -0,0 +1,138 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="versionhistory_v1.html">Version History API</a> . <a href="versionhistory_v1.platforms.html">platforms</a> . <a href="versionhistory_v1.platforms.channels.html">channels</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="versionhistory_v1.platforms.channels.versions.html">versions()</a></code>
+</p>
+<p class="firstline">Returns the versions Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns list of channels that are available for a given platform.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Returns list of channels that are available for a given platform.
+
+Args:
+ parent: string, Required. The platform, which owns this collection of channels. Format: {product}/platforms/{platform} (required)
+ pageSize: integer, Optional. Optional limit on the number of channels to include in the response. If unspecified, the server will pick an appropriate default.
+ pageToken: string, Optional. A page token, received from a previous `ListChannels` call. Provide this to retrieve the subsequent page.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for ListChannels.
+ "channels": [ # The list of channels.
+ { # Each Channel is owned by a Platform and owns a collection of versions. Possible Channels are listed in the Channel enum below. Not all Channels are available for every Platform (e.g. CANARY does not exist for LINUX).
+ "channelType": "A String", # Type of channel.
+ "name": "A String", # Channel name. Format is "{product}/platforms/{platform}/channels/{channel}"
+ },
+ ],
+ "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/versionhistory_v1.platforms.channels.versions.html b/docs/dyn/versionhistory_v1.platforms.channels.versions.html
new file mode 100644
index 0000000..0e831b8
--- /dev/null
+++ b/docs/dyn/versionhistory_v1.platforms.channels.versions.html
@@ -0,0 +1,140 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="versionhistory_v1.html">Version History API</a> . <a href="versionhistory_v1.platforms.html">platforms</a> . <a href="versionhistory_v1.platforms.channels.html">channels</a> . <a href="versionhistory_v1.platforms.channels.versions.html">versions</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="versionhistory_v1.platforms.channels.versions.releases.html">releases()</a></code>
+</p>
+<p class="firstline">Returns the releases Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns list of version for the given platform/channel.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Returns list of version for the given platform/channel.
+
+Args:
+ parent: string, Required. The channel, which owns this collection of versions. Format: {product}/platforms/{platform}/channels/{channel} (required)
+ filter: string, Optional. Filter string. Format is a comma separated list of All comma separated filter clauses are conjoined with a logical "and". Valid field_names are "version", "name", "platform", and "channel". Valid operators are "<", "<=", "=", ">=", and ">". Channel comparison is done by distance from stable. Ex) stable < beta, beta < dev, canary < canary_asan. Version comparison is done numerically. If version is not entirely written, the version will be appended with 0 in missing fields. Ex) version > 80 becoms version > 80.0.0.0 Name and platform are filtered by string comparison. Ex) "...?filter=channel<=beta, version >= 80 Ex) "...?filter=version > 80, version < 81
+ orderBy: string, Optional. Ordering string. Valid order_by strings are "version", "name", "platform", and "channel". Optionally, you can append " desc" or " asc" to specify the sorting order. Multiple order_by strings can be used in a comma separated list. Ordering by channel will sort by distance from the stable channel (not alphabetically). A list of channels sorted in this order is: stable, beta, dev, canary, and canary_asan. Sorting by name may cause unexpected behaviour as it is a naive string sort. For example, 1.0.0.8 will be before 1.0.0.10 in descending order. If order_by is not specified the response will be sorted by version in descending order. Ex) "...?order_by=version asc" Ex) "...?order_by=platform desc, channel, version"
+ pageSize: integer, Optional. Optional limit on the number of versions to include in the response. If unspecified, the server will pick an appropriate default.
+ pageToken: string, Optional. A page token, received from a previous `ListVersions` call. Provide this to retrieve the subsequent page.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for ListVersions.
+ "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "versions": [ # The list of versions.
+ { # Each Version is owned by a Channel. A Version only displays the Version number (e.g. 84.0.4147.38). A Version owns a collection of releases.
+ "name": "A String", # Version name. Format is "{product}/platforms/{platform}/channels/{channel}/versions/{version}" e.g. "chrome/platforms/win/channels/beta/versions/84.0.4147.38"
+ "version": "A String", # String containing just the version number. e.g. "84.0.4147.38"
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/versionhistory_v1.platforms.channels.versions.releases.html b/docs/dyn/versionhistory_v1.platforms.channels.versions.releases.html
new file mode 100644
index 0000000..5307523
--- /dev/null
+++ b/docs/dyn/versionhistory_v1.platforms.channels.versions.releases.html
@@ -0,0 +1,140 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="versionhistory_v1.html">Version History API</a> . <a href="versionhistory_v1.platforms.html">platforms</a> . <a href="versionhistory_v1.platforms.channels.html">channels</a> . <a href="versionhistory_v1.platforms.channels.versions.html">versions</a> . <a href="versionhistory_v1.platforms.channels.versions.releases.html">releases</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns list of releases of the given version.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Returns list of releases of the given version.
+
+Args:
+ parent: string, Required. The version, which owns this collection of releases. Format: {product}/platforms/{platform}/channels/{channel}/versions/{version} (required)
+ filter: string, Optional. Filter string. Format is a comma separated list of All comma separated filter clauses are conjoined with a logical "and". Valid field_names are "version", "name", "platform", "channel", "fraction" "starttime", and "endtime". Valid operators are "<", "<=", "=", ">=", and ">". Channel comparison is done by distance from stable. must be a valid channel when filtering by channel. Ex) stable < beta, beta < dev, canary < canary_asan. Version comparison is done numerically. Ex) 1.0.0.8 < 1.0.0.10. If version is not entirely written, the version will be appended with 0 for the missing fields. Ex) version > 80 becoms version > 80.0.0.0 When filtering by starttime or endtime, string must be in RFC 3339 date string format. Name and platform are filtered by string comparison. Ex) "...?filter=channel<=beta, version >= 80 Ex) "...?filter=version > 80, version < 81 Ex) "...?filter=starttime>2020-01-01T00:00:00Z
+ orderBy: string, Optional. Ordering string. Valid order_by strings are "version", "name", "starttime", "endtime", "platform", "channel", and "fraction". Optionally, you can append "desc" or "asc" to specify the sorting order. Multiple order_by strings can be used in a comma separated list. Ordering by channel will sort by distance from the stable channel (not alphabetically). A list of channels sorted in this order is: stable, beta, dev, canary, and canary_asan. Sorting by name may cause unexpected behaviour as it is a naive string sort. For example, 1.0.0.8 will be before 1.0.0.10 in descending order. If order_by is not specified the response will be sorted by starttime in descending order. Ex) "...?order_by=starttime asc" Ex) "...?order_by=platform desc, channel, startime desc"
+ pageSize: integer, Optional. Optional limit on the number of releases to include in the response. If unspecified, the server will pick an appropriate default.
+ pageToken: string, Optional. A page token, received from a previous `ListReleases` call. Provide this to retrieve the subsequent page.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for ListReleases.
+ "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "releases": [ # The list of releases.
+ { # A Release is owned by a Version. A Release contains information about the release(s) of its parent version. This includes when the release began and ended, as well as what percentage it was released at. If the version is released again, or if the serving percentage changes, it will create another release under the version.
+ "fraction": 3.14, # Rollout fraction. This fraction indicates the fraction of people that should receive this version in this release. If the fraction is not specified in ReleaseManager, the API will assume fraction is 1.
+ "name": "A String", # Release name. Format is "{product}/platforms/{platform}/channels/{channel}/versions/{version}/releases/{release}"
+ "serving": { # Represents a time interval, encoded as a Timestamp start (inclusive) and a Timestamp end (exclusive). The start must be less than or equal to the end. When the start equals the end, the interval is empty (matches no time). When both start and end are unspecified, the interval matches any time. # Timestamp interval of when the release was live. If end_time is unspecified, the release is currently live.
+ "endTime": "A String", # Optional. Exclusive end of the interval. If specified, a Timestamp matching this interval will have to be before the end.
+ "startTime": "A String", # Optional. Inclusive start of the interval. If specified, a Timestamp matching this interval will have to be the same or after the start.
+ },
+ "version": "A String", # String containing just the version number. e.g. "84.0.4147.38"
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/versionhistory_v1.platforms.html b/docs/dyn/versionhistory_v1.platforms.html
new file mode 100644
index 0000000..d2d0d02
--- /dev/null
+++ b/docs/dyn/versionhistory_v1.platforms.html
@@ -0,0 +1,138 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="versionhistory_v1.html">Version History API</a> . <a href="versionhistory_v1.platforms.html">platforms</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="versionhistory_v1.platforms.channels.html">channels()</a></code>
+</p>
+<p class="firstline">Returns the channels Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns list of platforms that are available for a given product. The resource "product" has no resource name in its name.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Returns list of platforms that are available for a given product. The resource "product" has no resource name in its name.
+
+Args:
+ parent: string, Required. The product, which owns this collection of platforms. Format: {product} (required)
+ pageSize: integer, Optional. Optional limit on the number of channels to include in the response. If unspecified, the server will pick an appropriate default.
+ pageToken: string, Optional. A page token, received from a previous `ListChannels` call. Provide this to retrieve the subsequent page.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for ListPlatforms.
+ "nextPageToken": "A String", # A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "platforms": [ # The list of platforms.
+ { # Each Platform is owned by a Product and owns a collection of channels. Available platforms are listed in Platform enum below. Not all Channels are available for every Platform (e.g. CANARY does not exist for LINUX).
+ "name": "A String", # Platform name. Format is "{product}/platforms/{platform}"
+ "platformType": "A String", # Type of platform.
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.html b/docs/dyn/vmmigration_v1.html
new file mode 100644
index 0000000..ee8ccb4
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.html
@@ -0,0 +1,111 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.html">projects()</a></code>
+</p>
+<p class="firstline">Returns the projects Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#new_batch_http_request">new_batch_http_request()</a></code></p>
+<p class="firstline">Create a BatchHttpRequest object based on the discovery document.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="new_batch_http_request">new_batch_http_request()</code>
+ <pre>Create a BatchHttpRequest object based on the discovery document.
+
+ Args:
+ callback: callable, A callback to be called for each response, of the
+ form callback(id, response, exception). The first parameter is the
+ request id, and the second is the deserialized response object. The
+ third is an apiclient.errors.HttpError exception object if an HTTP
+ error occurred while processing the request, or None if no error
+ occurred.
+
+ Returns:
+ A BatchHttpRequest object based on the discovery document.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.html b/docs/dyn/vmmigration_v1.projects.html
new file mode 100644
index 0000000..bb005fa
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.html
@@ -0,0 +1,91 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.html">locations()</a></code>
+</p>
+<p class="firstline">Returns the locations Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.groups.html b/docs/dyn/vmmigration_v1.projects.locations.groups.html
new file mode 100644
index 0000000..180231f
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.groups.html
@@ -0,0 +1,398 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.groups.html">groups</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#addGroupMigration">addGroupMigration(group, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Adds a MigratingVm to a Group.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, groupId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new Group in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single Group.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single Group.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists Groups in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single Group.</p>
+<p class="toc_element">
+ <code><a href="#removeGroupMigration">removeGroupMigration(group, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Removes a MigratingVm from a Group.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="addGroupMigration">addGroupMigration(group, body=None, x__xgafv=None)</code>
+ <pre>Adds a MigratingVm to a Group.
+
+Args:
+ group: string, Required. The full path name of the Group to add to. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'AddGroupMigration' request.
+ "migratingVm": "A String", # The full path name of the MigratingVm to add.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, groupId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Creates a new Group in a given project and location.
+
+Args:
+ parent: string, Required. The Group's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+}
+
+ groupId: string, Required. The group identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single Group.
+
+Args:
+ name: string, Required. The Group name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single Group.
+
+Args:
+ name: string, Required. The group name. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists Groups in a given project and location.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of groups. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of groups to return. The service may return fewer than this value. If unspecified, at most 500 groups will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListGroups` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListGroups` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListGroups' request.
+ "groups": [ # Output only. The list of groups response.
+ { # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single Group.
+
+Args:
+ name: string, The Group name. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the Group resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="removeGroupMigration">removeGroupMigration(group, body=None, x__xgafv=None)</code>
+ <pre>Removes a MigratingVm from a Group.
+
+Args:
+ group: string, Required. The name of the Group. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'RemoveMigration' request.
+ "migratingVm": "A String", # The MigratingVm to remove.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.html b/docs/dyn/vmmigration_v1.projects.locations.html
new file mode 100644
index 0000000..6f78272
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.html
@@ -0,0 +1,191 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.groups.html">groups()</a></code>
+</p>
+<p class="firstline">Returns the groups Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.operations.html">operations()</a></code>
+</p>
+<p class="firstline">Returns the operations Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.sources.html">sources()</a></code>
+</p>
+<p class="firstline">Returns the sources Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.targetProjects.html">targetProjects()</a></code>
+</p>
+<p class="firstline">Returns the targetProjects Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets information about a location.</p>
+<p class="toc_element">
+ <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists information about the supported locations for this service.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets information about a location.
+
+Args:
+ name: string, Resource name for the location. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A resource that represents Google Cloud Platform location.
+ "displayName": "A String", # The friendly name for this location, typically a nearby city name. For example, "Tokyo".
+ "labels": { # Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
+ "a_key": "A String",
+ },
+ "locationId": "A String", # The canonical id for this location. For example: `"us-east1"`.
+ "metadata": { # Service-specific metadata. For example the available capacity at the given location.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists information about the supported locations for this service.
+
+Args:
+ name: string, The resource that owns the locations collection, if applicable. (required)
+ filter: string, A filter to narrow down results to a preferred subset. The filtering language accepts strings like "displayName=tokyo", and is documented in more detail in [AIP-160](https://google.aip.dev/160).
+ pageSize: integer, The maximum number of results to return. If not set, the service selects a default.
+ pageToken: string, A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # The response message for Locations.ListLocations.
+ "locations": [ # A list of locations that matches the specified filter in the request.
+ { # A resource that represents Google Cloud Platform location.
+ "displayName": "A String", # The friendly name for this location, typically a nearby city name. For example, "Tokyo".
+ "labels": { # Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
+ "a_key": "A String",
+ },
+ "locationId": "A String", # The canonical id for this location. For example: `"us-east1"`.
+ "metadata": { # Service-specific metadata. For example the available capacity at the given location.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
+ },
+ ],
+ "nextPageToken": "A String", # The standard List next-page token.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.operations.html b/docs/dyn/vmmigration_v1.projects.locations.operations.html
new file mode 100644
index 0000000..2c71e46
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.operations.html
@@ -0,0 +1,235 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.operations.html">operations</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.</p>
+<p class="toc_element">
+ <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
+
+Args:
+ name: string, The name of the operation resource to be cancelled. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # The request message for Operations.CancelOperation.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+
+Args:
+ name: string, The name of the operation resource to be deleted. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
+
+Args:
+ name: string, The name of the operation resource. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
+
+Args:
+ name: string, The name of the operation's parent resource. (required)
+ filter: string, The standard list filter.
+ pageSize: integer, The standard list page size.
+ pageToken: string, The standard list page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # The response message for Operations.ListOperations.
+ "nextPageToken": "A String", # The standard List next-page token.
+ "operations": [ # A list of operations that matches the specified filter in the request.
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.datacenterConnectors.html b/docs/dyn/vmmigration_v1.projects.locations.sources.datacenterConnectors.html
new file mode 100644
index 0000000..7c31397
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.datacenterConnectors.html
@@ -0,0 +1,296 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1.projects.locations.sources.datacenterConnectors.html">datacenterConnectors</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, datacenterConnectorId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new DatacenterConnector in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single DatacenterConnector.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single DatacenterConnector.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists DatacenterConnectors in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, datacenterConnectorId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Creates a new DatacenterConnector in a given Source.
+
+Args:
+ parent: string, Required. The DatacenterConnector's parent. Required. The Source in where the new DatacenterConnector will be created. For example: `projects/my-project/locations/us-central1/sources/my-source` (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # DatacenterConnector message describes a connector between the Source and GCP, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to GCP and support vm migration data transfer.
+ "bucket": "A String", # Output only. The communication channel between the datacenter connector and GCP.
+ "createTime": "A String", # Output only. The time the connector was created (as an API call, not when it was actually installed).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Datacenter Connector in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The connector's name.
+ "registrationId": "A String", # Immutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
+ "serviceAccount": "A String", # The service account to use in the connector when communicating with the cloud.
+ "state": "A String", # Output only. State of the DatacenterConnector, as determined by the health checks.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "updateTime": "A String", # Output only. The last time the connector was updated with an API call.
+ "version": "A String", # The version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
+}
+
+ datacenterConnectorId: string, Required. The datacenterConnector identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single DatacenterConnector.
+
+Args:
+ name: string, Required. The DatacenterConnector name. (required)
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single DatacenterConnector.
+
+Args:
+ name: string, Required. The name of the DatacenterConnector. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # DatacenterConnector message describes a connector between the Source and GCP, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to GCP and support vm migration data transfer.
+ "bucket": "A String", # Output only. The communication channel between the datacenter connector and GCP.
+ "createTime": "A String", # Output only. The time the connector was created (as an API call, not when it was actually installed).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Datacenter Connector in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The connector's name.
+ "registrationId": "A String", # Immutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
+ "serviceAccount": "A String", # The service account to use in the connector when communicating with the cloud.
+ "state": "A String", # Output only. State of the DatacenterConnector, as determined by the health checks.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "updateTime": "A String", # Output only. The last time the connector was updated with an API call.
+ "version": "A String", # The version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists DatacenterConnectors in a given Source.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of connectors. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of connectors to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListDatacenterConnectors` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListDatacenterConnectors` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListDatacenterConnectors' request.
+ "datacenterConnectors": [ # Output only. The list of sources response.
+ { # DatacenterConnector message describes a connector between the Source and GCP, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to GCP and support vm migration data transfer.
+ "bucket": "A String", # Output only. The communication channel between the datacenter connector and GCP.
+ "createTime": "A String", # Output only. The time the connector was created (as an API call, not when it was actually installed).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Datacenter Connector in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The connector's name.
+ "registrationId": "A String", # Immutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
+ "serviceAccount": "A String", # The service account to use in the connector when communicating with the cloud.
+ "state": "A String", # Output only. State of the DatacenterConnector, as determined by the health checks.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "updateTime": "A String", # Output only. The last time the connector was updated with an API call.
+ "version": "A String", # The version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.html b/docs/dyn/vmmigration_v1.projects.locations.sources.html
new file mode 100644
index 0000000..727767d
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.html
@@ -0,0 +1,396 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.sources.html">sources</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.sources.datacenterConnectors.html">datacenterConnectors()</a></code>
+</p>
+<p class="firstline">Returns the datacenterConnectors Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.sources.migratingVms.html">migratingVms()</a></code>
+</p>
+<p class="firstline">Returns the migratingVms Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.sources.utilizationReports.html">utilizationReports()</a></code>
+</p>
+<p class="firstline">Returns the utilizationReports Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, requestId=None, sourceId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new Source in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single Source.</p>
+<p class="toc_element">
+ <code><a href="#fetchInventory">fetchInventory(source, forceRefresh=None, x__xgafv=None)</a></code></p>
+<p class="firstline">List remote source's inventory of VMs. The remote source is the onprem vCenter (remote in the sense it's not in Compute Engine). The inventory describes the list of existing VMs in that source. Note that this operation lists the VMs on the remote source, as opposed to listing the MigratingVms resources in the vmmigration service.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single Source.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists Sources in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single Source.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, requestId=None, sourceId=None, x__xgafv=None)</code>
+ <pre>Creates a new Source in a given project and location.
+
+Args:
+ parent: string, Required. The Source's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ sourceId: string, Required. The source identifier.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single Source.
+
+Args:
+ name: string, Required. The Source name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="fetchInventory">fetchInventory(source, forceRefresh=None, x__xgafv=None)</code>
+ <pre>List remote source's inventory of VMs. The remote source is the onprem vCenter (remote in the sense it's not in Compute Engine). The inventory describes the list of existing VMs in that source. Note that this operation lists the VMs on the remote source, as opposed to listing the MigratingVms resources in the vmmigration service.
+
+Args:
+ source: string, Required. The name of the Source. (required)
+ forceRefresh: boolean, If this flag is set to true, the source will be queried instead of using cached results. Using this flag will make the call slower.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for fetchInventory.
+ "updateTime": "A String", # Output only. The timestamp when the source was last queried (if the result is from the cache).
+ "vmwareVms": { # VmwareVmsDetails describes VMs in vCenter. # Output only. The description of the VMs in a Source of type Vmware.
+ "details": [ # The details of the vmware VMs.
+ { # VmwareVmDetails describes a VM in vCenter.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ ],
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single Source.
+
+Args:
+ name: string, Required. The Source name. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists Sources in a given project and location.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of sources. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of sources to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListSources` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListSources` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListSources' request.
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "sources": [ # Output only. The list of sources response.
+ { # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+ },
+ ],
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single Source.
+
+Args:
+ name: string, Output only. The Source name. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the Source resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.cloneJobs.html b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.cloneJobs.html
new file mode 100644
index 0000000..b0ef126
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.cloneJobs.html
@@ -0,0 +1,571 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1.projects.locations.sources.migratingVms.html">migratingVms</a> . <a href="vmmigration_v1.projects.locations.sources.migratingVms.cloneJobs.html">cloneJobs</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates the cancellation of a running clone job.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, cloneJobId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates a Clone of a specific migrating VM.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single CloneJob.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists CloneJobs of a given migrating VM.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Initiates the cancellation of a running clone job.
+
+Args:
+ name: string, Required. The clone job id (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'CancelCloneJob' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, cloneJobId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Initiates a Clone of a specific migrating VM.
+
+Args:
+ parent: string, Required. The Clone's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+}
+
+ cloneJobId: string, Required. The clone job identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single CloneJob.
+
+Args:
+ name: string, Required. The name of the CloneJob. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists CloneJobs of a given migrating VM.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of source VMs. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of clone jobs to return. The service may return fewer than this value. If unspecified, at most 500 clone jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListCloneJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCloneJobs` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListCloneJobs' request.
+ "cloneJobs": [ # Output only. The list of clone jobs response.
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.cutoverJobs.html b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.cutoverJobs.html
new file mode 100644
index 0000000..abc0478
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.cutoverJobs.html
@@ -0,0 +1,577 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1.projects.locations.sources.migratingVms.html">migratingVms</a> . <a href="vmmigration_v1.projects.locations.sources.migratingVms.cutoverJobs.html">cutoverJobs</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates the cancellation of a running cutover job.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, cutoverJobId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates a Cutover of a specific migrating VM. The returned LRO is completed when the cutover job resource is created and the job is initiated.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single CutoverJob.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists CutoverJobs of a given migrating VM.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Initiates the cancellation of a running cutover job.
+
+Args:
+ name: string, Required. The cutover job id (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'CancelCutoverJob' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, cutoverJobId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Initiates a Cutover of a specific migrating VM. The returned LRO is completed when the cutover job resource is created and the job is initiated.
+
+Args:
+ parent: string, Required. The Cutover's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+}
+
+ cutoverJobId: string, Required. The cutover job identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single CutoverJob.
+
+Args:
+ name: string, Required. The name of the CutoverJob. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists CutoverJobs of a given migrating VM.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of migrating VMs. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of cutover jobs to return. The service may return fewer than this value. If unspecified, at most 500 cutover jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListCutoverJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCutoverJobs` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListCutoverJobs' request.
+ "cutoverJobs": [ # Output only. The list of cutover jobs response.
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html
new file mode 100644
index 0000000..a3d0ff2
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.migratingVms.html
@@ -0,0 +1,789 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1.projects.locations.sources.migratingVms.html">migratingVms</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.sources.migratingVms.cloneJobs.html">cloneJobs()</a></code>
+</p>
+<p class="firstline">Returns the cloneJobs Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1.projects.locations.sources.migratingVms.cutoverJobs.html">cutoverJobs()</a></code>
+</p>
+<p class="firstline">Returns the cutoverJobs Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, migratingVmId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new MigratingVm in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single MigratingVm.</p>
+<p class="toc_element">
+ <code><a href="#finalizeMigration">finalizeMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Marks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single MigratingVm.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists MigratingVms in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single MigratingVm.</p>
+<p class="toc_element">
+ <code><a href="#pauseMigration">pauseMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Pauses a migration for a VM. If cycle tasks are running they will be cancelled, preserving source task data. Further replication cycles will not be triggered while the VM is paused.</p>
+<p class="toc_element">
+ <code><a href="#resumeMigration">resumeMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Resumes a migration for a VM. When called on a paused migration, will start the process of uploading data and creating snapshots; when called on a completed cut-over migration, will update the migration to active state and start the process of uploading data and creating snapshots.</p>
+<p class="toc_element">
+ <code><a href="#startMigration">startMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Starts migration for a VM. Starts the process of uploading data and creating snapshots, in replication cycles scheduled by the policy.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, migratingVmId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Creates a new MigratingVm in a given Source.
+
+Args:
+ parent: string, Required. The MigratingVm's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+}
+
+ migratingVmId: string, Required. The migratingVm identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes a single MigratingVm.
+
+Args:
+ name: string, Required. The name of the MigratingVm. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="finalizeMigration">finalizeMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Marks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'FinalizeMigration' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single MigratingVm.
+
+Args:
+ name: string, Required. The name of the MigratingVm. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists MigratingVms in a given Source.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of MigratingVms. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of migrating VMs to return. The service may return fewer than this value. If unspecified, at most 500 migrating VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListMigratingVms` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMigratingVms` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListMigratingVms' request.
+ "migratingVms": [ # Output only. The list of Migrating VMs response.
+ { # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single MigratingVm.
+
+Args:
+ name: string, Output only. The identifier of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the MigratingVm resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="pauseMigration">pauseMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Pauses a migration for a VM. If cycle tasks are running they will be cancelled, preserving source task data. Further replication cycles will not be triggered while the VM is paused.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'PauseMigration' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="resumeMigration">resumeMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Resumes a migration for a VM. When called on a paused migration, will start the process of uploading data and creating snapshots; when called on a completed cut-over migration, will update the migration to active state and start the process of uploading data and creating snapshots.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'ResumeMigration' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="startMigration">startMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Starts migration for a VM. Starts the process of uploading data and creating snapshots, in replication cycles scheduled by the policy.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'StartMigrationRequest' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.sources.utilizationReports.html b/docs/dyn/vmmigration_v1.projects.locations.sources.utilizationReports.html
new file mode 100644
index 0000000..f15964d
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.sources.utilizationReports.html
@@ -0,0 +1,390 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1.projects.locations.sources.utilizationReports.html">utilizationReports</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, requestId=None, utilizationReportId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new UtilizationReport.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single Utilization Report.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, view=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets a single Utilization Report.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists Utilization Reports of the given Source.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, requestId=None, utilizationReportId=None, x__xgafv=None)</code>
+ <pre>Creates a new UtilizationReport.
+
+Args:
+ parent: string, Required. The Utilization Report's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Utilization report details the utilization (CPU, memory, etc.) of selected source VMs.
+ "createTime": "A String", # Output only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
+ "displayName": "A String", # The report display name, as assigned by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the report in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "frameEndTime": "A String", # Output only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
+ "name": "A String", # Output only. The report unique name.
+ "state": "A String", # Output only. Current state of the report.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "timeFrame": "A String", # Time frame of the report.
+ "vmCount": 42, # Output only. Total number of VMs included in the report.
+ "vms": [ # List of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
+ { # Utilization information of a single VM.
+ "utilization": { # Utilization metrics values for a single VM. # Utilization metrics for this VM.
+ "cpuAveragePercent": 42, # Average CPU usage, percent.
+ "cpuMaxPercent": 42, # Max CPU usage, percent.
+ "diskIoRateAverageKbps": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateMaxKbps": "A String", # Max disk IO rate, in kilobytes per second.
+ "memoryAveragePercent": 42, # Average memory usage, percent.
+ "memoryMaxPercent": 42, # Max memory usage, percent.
+ "networkThroughputAverageKbps": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMaxKbps": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ },
+ "vmId": "A String", # The VM's ID in the source.
+ "vmwareVmDetails": { # VmwareVmDetails describes a VM in vCenter. # The description of the VM in a Source of type Vmware.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ },
+ ],
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ utilizationReportId: string, Required. The ID to use for the report, which will become the final component of the reports's resource name. This value maximum length is 63 characters, and valid characters are /a-z-/. It must start with an english letter and must not end with a hyphen.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single Utilization Report.
+
+Args:
+ name: string, Required. The Utilization Report name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, view=None, x__xgafv=None)</code>
+ <pre>Gets a single Utilization Report.
+
+Args:
+ name: string, Required. The Utilization Report name. (required)
+ view: string, Optional. The level of details of the report. Defaults to FULL
+ Allowed values
+ UTILIZATION_REPORT_VIEW_UNSPECIFIED - The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
+ BASIC - Get the report metadata, without the list of VMs and their utilization info.
+ FULL - Include everything.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Utilization report details the utilization (CPU, memory, etc.) of selected source VMs.
+ "createTime": "A String", # Output only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
+ "displayName": "A String", # The report display name, as assigned by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the report in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "frameEndTime": "A String", # Output only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
+ "name": "A String", # Output only. The report unique name.
+ "state": "A String", # Output only. Current state of the report.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "timeFrame": "A String", # Time frame of the report.
+ "vmCount": 42, # Output only. Total number of VMs included in the report.
+ "vms": [ # List of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
+ { # Utilization information of a single VM.
+ "utilization": { # Utilization metrics values for a single VM. # Utilization metrics for this VM.
+ "cpuAveragePercent": 42, # Average CPU usage, percent.
+ "cpuMaxPercent": 42, # Max CPU usage, percent.
+ "diskIoRateAverageKbps": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateMaxKbps": "A String", # Max disk IO rate, in kilobytes per second.
+ "memoryAveragePercent": 42, # Average memory usage, percent.
+ "memoryMaxPercent": 42, # Max memory usage, percent.
+ "networkThroughputAverageKbps": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMaxKbps": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ },
+ "vmId": "A String", # The VM's ID in the source.
+ "vmwareVmDetails": { # VmwareVmDetails describes a VM in vCenter. # The description of the VM in a Source of type Vmware.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)</code>
+ <pre>Lists Utilization Reports of the given Source.
+
+Args:
+ parent: string, Required. The Utilization Reports parent. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of reports to return. The service may return fewer than this value. If unspecified, at most 500 reports will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListUtilizationReports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListUtilizationReports` must match the call that provided the page token.
+ view: string, Optional. The level of details of each report. Defaults to BASIC.
+ Allowed values
+ UTILIZATION_REPORT_VIEW_UNSPECIFIED - The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
+ BASIC - Get the report metadata, without the list of VMs and their utilization info.
+ FULL - Include everything.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListUtilizationReports' request.
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+ "utilizationReports": [ # Output only. The list of reports.
+ { # Utilization report details the utilization (CPU, memory, etc.) of selected source VMs.
+ "createTime": "A String", # Output only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
+ "displayName": "A String", # The report display name, as assigned by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the report in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "frameEndTime": "A String", # Output only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
+ "name": "A String", # Output only. The report unique name.
+ "state": "A String", # Output only. Current state of the report.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "timeFrame": "A String", # Time frame of the report.
+ "vmCount": 42, # Output only. Total number of VMs included in the report.
+ "vms": [ # List of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
+ { # Utilization information of a single VM.
+ "utilization": { # Utilization metrics values for a single VM. # Utilization metrics for this VM.
+ "cpuAveragePercent": 42, # Average CPU usage, percent.
+ "cpuMaxPercent": 42, # Max CPU usage, percent.
+ "diskIoRateAverageKbps": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateMaxKbps": "A String", # Max disk IO rate, in kilobytes per second.
+ "memoryAveragePercent": 42, # Average memory usage, percent.
+ "memoryMaxPercent": 42, # Max memory usage, percent.
+ "networkThroughputAverageKbps": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMaxKbps": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ },
+ "vmId": "A String", # The VM's ID in the source.
+ "vmwareVmDetails": { # VmwareVmDetails describes a VM in vCenter. # The description of the VM in a Source of type Vmware.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ },
+ ],
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1.projects.locations.targetProjects.html b/docs/dyn/vmmigration_v1.projects.locations.targetProjects.html
new file mode 100644
index 0000000..14c2ccb
--- /dev/null
+++ b/docs/dyn/vmmigration_v1.projects.locations.targetProjects.html
@@ -0,0 +1,308 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1.html">VM Migration API</a> . <a href="vmmigration_v1.projects.html">projects</a> . <a href="vmmigration_v1.projects.locations.html">locations</a> . <a href="vmmigration_v1.projects.locations.targetProjects.html">targetProjects</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, requestId=None, targetProjectId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new TargetProject in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists TargetProjects in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, requestId=None, targetProjectId=None, x__xgafv=None)</code>
+ <pre>Creates a new TargetProject in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ parent: string, Required. The TargetProject's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ targetProjectId: string, Required. The target_project identifier.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ name: string, Required. The TargetProject name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ name: string, Required. The TargetProject name. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists TargetProjects in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of targets. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListTargets` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListTargets` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListTargetProjects' call.
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "targetProjects": [ # Output only. The list of target response.
+ { # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+ },
+ ],
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ name: string, The name of the target project. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the TargetProject resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.html b/docs/dyn/vmmigration_v1alpha1.html
new file mode 100644
index 0000000..b2310e5
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.html
@@ -0,0 +1,111 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.html">projects()</a></code>
+</p>
+<p class="firstline">Returns the projects Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#new_batch_http_request">new_batch_http_request()</a></code></p>
+<p class="firstline">Create a BatchHttpRequest object based on the discovery document.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="new_batch_http_request">new_batch_http_request()</code>
+ <pre>Create a BatchHttpRequest object based on the discovery document.
+
+ Args:
+ callback: callable, A callback to be called for each response, of the
+ form callback(id, response, exception). The first parameter is the
+ request id, and the second is the deserialized response object. The
+ third is an apiclient.errors.HttpError exception object if an HTTP
+ error occurred while processing the request, or None if no error
+ occurred.
+
+ Returns:
+ A BatchHttpRequest object based on the discovery document.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.html b/docs/dyn/vmmigration_v1alpha1.projects.html
new file mode 100644
index 0000000..cabadfc
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.html
@@ -0,0 +1,91 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.html">locations()</a></code>
+</p>
+<p class="firstline">Returns the locations Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.groups.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.groups.html
new file mode 100644
index 0000000..6481f2f
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.groups.html
@@ -0,0 +1,398 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.groups.html">groups</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#addGroupMigration">addGroupMigration(group, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Adds a MigratingVm to a Group.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, groupId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new Group in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single Group.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single Group.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists Groups in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single Group.</p>
+<p class="toc_element">
+ <code><a href="#removeGroupMigration">removeGroupMigration(group, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Removes a MigratingVm from a Group.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="addGroupMigration">addGroupMigration(group, body=None, x__xgafv=None)</code>
+ <pre>Adds a MigratingVm to a Group.
+
+Args:
+ group: string, Required. The full path name of the Group to add to. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'AddGroupMigration' request.
+ "migratingVm": "A String", # The full path name of the MigratingVm to add.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, groupId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Creates a new Group in a given project and location.
+
+Args:
+ parent: string, Required. The Group's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+}
+
+ groupId: string, Required. The group identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single Group.
+
+Args:
+ name: string, Required. The Group name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single Group.
+
+Args:
+ name: string, Required. The group name. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists Groups in a given project and location.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of groups. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of groups to return. The service may return fewer than this value. If unspecified, at most 500 groups will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListGroups` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListGroups` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListGroups' request.
+ "groups": [ # Output only. The list of groups response.
+ { # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single Group.
+
+Args:
+ name: string, The Group name. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Describes message for 'Group' resource. The Group is a collections of several MigratingVms.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the group.
+ "displayName": "A String", # Display name is a user defined name for this group which can be updated.
+ "name": "A String", # The Group name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the Group resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="removeGroupMigration">removeGroupMigration(group, body=None, x__xgafv=None)</code>
+ <pre>Removes a MigratingVm from a Group.
+
+Args:
+ group: string, Required. The name of the Group. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'RemoveMigration' request.
+ "migratingVm": "A String", # The MigratingVm to remove.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.html
new file mode 100644
index 0000000..5254d51
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.html
@@ -0,0 +1,191 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.groups.html">groups()</a></code>
+</p>
+<p class="firstline">Returns the groups Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.operations.html">operations()</a></code>
+</p>
+<p class="firstline">Returns the operations Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.sources.html">sources()</a></code>
+</p>
+<p class="firstline">Returns the sources Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.targetProjects.html">targetProjects()</a></code>
+</p>
+<p class="firstline">Returns the targetProjects Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets information about a location.</p>
+<p class="toc_element">
+ <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists information about the supported locations for this service.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets information about a location.
+
+Args:
+ name: string, Resource name for the location. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A resource that represents Google Cloud Platform location.
+ "displayName": "A String", # The friendly name for this location, typically a nearby city name. For example, "Tokyo".
+ "labels": { # Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
+ "a_key": "A String",
+ },
+ "locationId": "A String", # The canonical id for this location. For example: `"us-east1"`.
+ "metadata": { # Service-specific metadata. For example the available capacity at the given location.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists information about the supported locations for this service.
+
+Args:
+ name: string, The resource that owns the locations collection, if applicable. (required)
+ filter: string, A filter to narrow down results to a preferred subset. The filtering language accepts strings like "displayName=tokyo", and is documented in more detail in [AIP-160](https://google.aip.dev/160).
+ pageSize: integer, The maximum number of results to return. If not set, the service selects a default.
+ pageToken: string, A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # The response message for Locations.ListLocations.
+ "locations": [ # A list of locations that matches the specified filter in the request.
+ { # A resource that represents Google Cloud Platform location.
+ "displayName": "A String", # The friendly name for this location, typically a nearby city name. For example, "Tokyo".
+ "labels": { # Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"}
+ "a_key": "A String",
+ },
+ "locationId": "A String", # The canonical id for this location. For example: `"us-east1"`.
+ "metadata": { # Service-specific metadata. For example the available capacity at the given location.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"`
+ },
+ ],
+ "nextPageToken": "A String", # The standard List next-page token.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.operations.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.operations.html
new file mode 100644
index 0000000..ddb5059
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.operations.html
@@ -0,0 +1,235 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.operations.html">operations</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.</p>
+<p class="toc_element">
+ <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.
+
+Args:
+ name: string, The name of the operation resource to be cancelled. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # The request message for Operations.CancelOperation.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+
+Args:
+ name: string, The name of the operation resource to be deleted. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
+
+Args:
+ name: string, The name of the operation resource. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `"/v1/{name=users/*}/operations"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
+
+Args:
+ name: string, The name of the operation's parent resource. (required)
+ filter: string, The standard list filter.
+ pageSize: integer, The standard list page size.
+ pageToken: string, The standard list page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # The response message for Operations.ListOperations.
+ "nextPageToken": "A String", # The standard List next-page token.
+ "operations": [ # A list of operations that matches the specified filter in the request.
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.datacenterConnectors.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.datacenterConnectors.html
new file mode 100644
index 0000000..18d4d87
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.datacenterConnectors.html
@@ -0,0 +1,296 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.datacenterConnectors.html">datacenterConnectors</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, datacenterConnectorId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new DatacenterConnector in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single DatacenterConnector.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single DatacenterConnector.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists DatacenterConnectors in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, datacenterConnectorId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Creates a new DatacenterConnector in a given Source.
+
+Args:
+ parent: string, Required. The DatacenterConnector's parent. Required. The Source in where the new DatacenterConnector will be created. For example: `projects/my-project/locations/us-central1/sources/my-source` (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # DatacenterConnector message describes a connector between the Source and GCP, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to GCP and support vm migration data transfer.
+ "bucket": "A String", # Output only. The communication channel between the datacenter connector and GCP.
+ "createTime": "A String", # Output only. The time the connector was created (as an API call, not when it was actually installed).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Datacenter Connector in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The connector's name.
+ "registrationId": "A String", # Immutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
+ "serviceAccount": "A String", # The service account to use in the connector when communicating with the cloud.
+ "state": "A String", # Output only. State of the DatacenterConnector, as determined by the health checks.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "updateTime": "A String", # Output only. The last time the connector was updated with an API call.
+ "version": "A String", # The version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
+}
+
+ datacenterConnectorId: string, Required. The datacenterConnector identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single DatacenterConnector.
+
+Args:
+ name: string, Required. The DatacenterConnector name. (required)
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single DatacenterConnector.
+
+Args:
+ name: string, Required. The name of the DatacenterConnector. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # DatacenterConnector message describes a connector between the Source and GCP, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to GCP and support vm migration data transfer.
+ "bucket": "A String", # Output only. The communication channel between the datacenter connector and GCP.
+ "createTime": "A String", # Output only. The time the connector was created (as an API call, not when it was actually installed).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Datacenter Connector in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The connector's name.
+ "registrationId": "A String", # Immutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
+ "serviceAccount": "A String", # The service account to use in the connector when communicating with the cloud.
+ "state": "A String", # Output only. State of the DatacenterConnector, as determined by the health checks.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "updateTime": "A String", # Output only. The last time the connector was updated with an API call.
+ "version": "A String", # The version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists DatacenterConnectors in a given Source.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of connectors. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of connectors to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListDatacenterConnectors` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListDatacenterConnectors` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListDatacenterConnectors' request.
+ "datacenterConnectors": [ # Output only. The list of sources response.
+ { # DatacenterConnector message describes a connector between the Source and GCP, which is installed on a vmware datacenter (an OVA vm installed by the user) to connect the Datacenter to GCP and support vm migration data transfer.
+ "bucket": "A String", # Output only. The communication channel between the datacenter connector and GCP.
+ "createTime": "A String", # Output only. The time the connector was created (as an API call, not when it was actually installed).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Datacenter Connector in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The connector's name.
+ "registrationId": "A String", # Immutable. A unique key for this connector. This key is internal to the OVA connector and is supplied with its creation during the registration process and can not be modified.
+ "serviceAccount": "A String", # The service account to use in the connector when communicating with the cloud.
+ "state": "A String", # Output only. State of the DatacenterConnector, as determined by the health checks.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "updateTime": "A String", # Output only. The last time the connector was updated with an API call.
+ "version": "A String", # The version running in the DatacenterConnector. This is supplied by the OVA connector during the registration process and can not be modified.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.html
new file mode 100644
index 0000000..e22a22c
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.html
@@ -0,0 +1,433 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.html">sources</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.sources.datacenterConnectors.html">datacenterConnectors()</a></code>
+</p>
+<p class="firstline">Returns the datacenterConnectors Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.html">migratingVms()</a></code>
+</p>
+<p class="firstline">Returns the migratingVms Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.sources.utilizationReports.html">utilizationReports()</a></code>
+</p>
+<p class="firstline">Returns the utilizationReports Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, requestId=None, sourceId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new Source in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single Source.</p>
+<p class="toc_element">
+ <code><a href="#fetchInventory">fetchInventory(source, forceRefresh=None, x__xgafv=None)</a></code></p>
+<p class="firstline">List remote source's inventory of VMs. The remote source is the onprem vCenter (remote in the sense it's not in Compute Engine). The inventory describes the list of existing VMs in that source. Note that this operation lists the VMs on the remote source, as opposed to listing the MigratingVms resources in the vmmigration service.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single Source.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists Sources in a given project and location.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single Source.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, requestId=None, sourceId=None, x__xgafv=None)</code>
+ <pre>Creates a new Source in a given project and location.
+
+Args:
+ parent: string, Required. The Source's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Source in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ sourceId: string, Required. The source identifier.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single Source.
+
+Args:
+ name: string, Required. The Source name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="fetchInventory">fetchInventory(source, forceRefresh=None, x__xgafv=None)</code>
+ <pre>List remote source's inventory of VMs. The remote source is the onprem vCenter (remote in the sense it's not in Compute Engine). The inventory describes the list of existing VMs in that source. Note that this operation lists the VMs on the remote source, as opposed to listing the MigratingVms resources in the vmmigration service.
+
+Args:
+ source: string, Required. The name of the Source. (required)
+ forceRefresh: boolean, If this flag is set to true, the source will be queried instead of using cached results. Using this flag will make the call slower.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for fetchInventory.
+ "updateTime": "A String", # Output only. The timestamp when the source was last queried (if the result is from the cache).
+ "vmwareVms": { # VmwareVmsDetails describes VMs in vCenter. # Output only. The description of the VMs in a Source of type Vmware.
+ "details": [ # The details of the vmware VMs.
+ { # VmwareVmDetails describes a VM in vCenter.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorage": "A String", # The total size of the storage allocated to the VM in MB.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ ],
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single Source.
+
+Args:
+ name: string, Required. The Source name. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Source in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists Sources in a given project and location.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of sources. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of sources to return. The service may return fewer than this value. If unspecified, at most 500 sources will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListSources` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListSources` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListSources' request.
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "sources": [ # Output only. The list of sources response.
+ { # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Source in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+ },
+ ],
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single Source.
+
+Args:
+ name: string, Output only. The Source name. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Source message describes a specific vm migration Source resource. It contains the source environment information.
+ "createTime": "A String", # Output only. The create time timestamp.
+ "description": "A String", # User-provided description of the source.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Source in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "labels": { # The labels of the source.
+ "a_key": "A String",
+ },
+ "name": "A String", # Output only. The Source name.
+ "updateTime": "A String", # Output only. The update time timestamp.
+ "vmware": { # VmwareSourceDetails message describes a specific source details for the vmware source type. # Vmware type source details.
+ "password": "A String", # Input only. The credentials password. This is write only and can not be read in a GET operation.
+ "thumbprint": "A String", # The thumbprint representing the certificate for the vcenter.
+ "username": "A String", # The credentials username.
+ "vcenterIp": "A String", # The ip address of the vcenter this Source represents.
+ },
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the Source resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.cloneJobs.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.cloneJobs.html
new file mode 100644
index 0000000..58f210c
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.cloneJobs.html
@@ -0,0 +1,748 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.html">migratingVms</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.cloneJobs.html">cloneJobs</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates the cancellation of a running clone job.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, cloneJobId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates a Clone of a specific migrating VM.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single CloneJob.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists CloneJobs of a given migrating VM.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Initiates the cancellation of a running clone job.
+
+Args:
+ name: string, Required. The clone job id (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'CancelCloneJob' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, cloneJobId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Initiates a Clone of a specific migrating VM.
+
+Args:
+ parent: string, Required. The Clone's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+}
+
+ cloneJobId: string, Required. The clone job identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single CloneJob.
+
+Args:
+ name: string, Required. The name of the CloneJob. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists CloneJobs of a given migrating VM.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of source VMs. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of clone jobs to return. The service may return fewer than this value. If unspecified, at most 500 clone jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListCloneJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCloneJobs` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListCloneJobs' request.
+ "cloneJobs": [ # Output only. The list of clone jobs response.
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.cutoverJobs.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.cutoverJobs.html
new file mode 100644
index 0000000..dfae5e4
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.cutoverJobs.html
@@ -0,0 +1,757 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.html">migratingVms</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.cutoverJobs.html">cutoverJobs</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#cancel">cancel(name, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates the cancellation of a running cutover job.</p>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, cutoverJobId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Initiates a Cutover of a specific migrating VM. The returned LRO is completed when the cutover job resource is created and the job is initiated.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single CutoverJob.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists CutoverJobs of a given migrating VM.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="cancel">cancel(name, body=None, x__xgafv=None)</code>
+ <pre>Initiates the cancellation of a running cutover job.
+
+Args:
+ name: string, Required. The cutover job id (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'CancelCutoverJob' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, cutoverJobId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Initiates a Cutover of a specific migrating VM. The returned LRO is completed when the cutover job resource is created and the job is initiated.
+
+Args:
+ parent: string, Required. The Cutover's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+}
+
+ cutoverJobId: string, Required. The cutover job identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single CutoverJob.
+
+Args:
+ name: string, Required. The name of the CutoverJob. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists CutoverJobs of a given migrating VM.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of migrating VMs. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of cutover jobs to return. The service may return fewer than this value. If unspecified, at most 500 cutover jobs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListCutoverJobs` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListCutoverJobs` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListCutoverJobs' request.
+ "cutoverJobs": [ # Output only. The list of cutover jobs response.
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html
new file mode 100644
index 0000000..3285160
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.migratingVms.html
@@ -0,0 +1,2601 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.html">migratingVms</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.cloneJobs.html">cloneJobs()</a></code>
+</p>
+<p class="firstline">Returns the cloneJobs Resource.</p>
+
+<p class="toc_element">
+ <code><a href="vmmigration_v1alpha1.projects.locations.sources.migratingVms.cutoverJobs.html">cutoverJobs()</a></code>
+</p>
+<p class="firstline">Returns the cutoverJobs Resource.</p>
+
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, migratingVmId=None, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new MigratingVm in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single MigratingVm.</p>
+<p class="toc_element">
+ <code><a href="#finalizeMigration">finalizeMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Marks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single MigratingVm.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists MigratingVms in a given Source.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single MigratingVm.</p>
+<p class="toc_element">
+ <code><a href="#pauseMigration">pauseMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Pauses a migration for a VM. If cycle tasks are running they will be cancelled, preserving source task data. Further replication cycles will not be triggered while the VM is paused.</p>
+<p class="toc_element">
+ <code><a href="#resumeMigration">resumeMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Resumes a migration for a VM. When called on a paused migration, will start the process of uploading data and creating snapshots; when called on a completed cut-over migration, will update the migration to active state and start the process of uploading data and creating snapshots.</p>
+<p class="toc_element">
+ <code><a href="#startMigration">startMigration(migratingVm, body=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Starts migration for a VM. Starts the process of uploading data and creating snapshots, in replication cycles scheduled by the policy.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, migratingVmId=None, requestId=None, x__xgafv=None)</code>
+ <pre>Creates a new MigratingVm in a given Source.
+
+Args:
+ parent: string, Required. The MigratingVm's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progress": 42, # The current progress in percentage of this cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists.
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists.
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "targetDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # The default configuration of the target VM that will be created in GCP as a result of the migration. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+}
+
+ migratingVmId: string, Required. The migratingVm identifier.
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Deletes a single MigratingVm.
+
+Args:
+ name: string, Required. The name of the MigratingVm. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="finalizeMigration">finalizeMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Marks a migration as completed, deleting migration resources that are no longer being used. Only applicable after cutover is done.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'FinalizeMigration' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single MigratingVm.
+
+Args:
+ name: string, Required. The name of the MigratingVm. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progress": 42, # The current progress in percentage of this cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists.
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists.
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "targetDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # The default configuration of the target VM that will be created in GCP as a result of the migration. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists MigratingVms in a given Source.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of MigratingVms. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of migrating VMs to return. The service may return fewer than this value. If unspecified, at most 500 migrating VMs will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListMigratingVms` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListMigratingVms` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListMigratingVms' request.
+ "migratingVms": [ # Output only. The list of Migrating VMs response.
+ { # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progress": 42, # The current progress in percentage of this cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists.
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists.
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "targetDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # The default configuration of the target VM that will be created in GCP as a result of the migration. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+ },
+ ],
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single MigratingVm.
+
+Args:
+ name: string, Output only. The identifier of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # MigratingVm describes the VM that will be migrated from a Source environment and its replication state.
+ "computeEngineTargetDefaults": { # ComputeEngineTargetDefaults is a collection of details for creating a VM in a target Compute Engine project. # Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the migrating VM was created (this refers to this resource and not to the time it was installed in the source).
+ "currentSyncInfo": { # ReplicationCycle contains information about the current replication cycle status. # Output only. The percentage progress of the current running replication cycle.
+ "progress": 42, # The current progress in percentage of this cycle.
+ "progressPercent": 42, # The current progress in percentage of this cycle.
+ "startTime": "A String", # The time the replication cycle has started.
+ },
+ "description": "A String", # The description attached to the migrating VM by the user.
+ "displayName": "A String", # The display name attached to the MigratingVm by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the Migrating VM in case of an error in replication.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "group": "A String", # Output only. The group this migrating vm is included in, if any. The group is represented by the full path of the appropriate Group resource.
+ "labels": { # The labels of the migrating VM.
+ "a_key": "A String",
+ },
+ "lastSync": { # ReplicationSync contain information about the last replica sync to the cloud. # Output only. The most updated snapshot created time in the source that finished replication.
+ "lastSyncTime": "A String", # The most updated snapshot created time in the source that finished replication.
+ },
+ "name": "A String", # Output only. The identifier of the MigratingVm.
+ "policy": { # A policy for scheduling replications. # The replication schedule policy.
+ "idleDuration": "A String", # The idle duration between replication stages.
+ "skipOsAdaptation": True or False, # A flag to indicate whether to skip OS adaptation during the replication sync. OS adaptation is a process where the VM's operating system undergoes changes and adaptations to fully function on Compute Engine.
+ },
+ "recentCloneJobs": [ # Output only. The recent clone jobs performed on the migrating VM. This field holds the vm's last completed clone job and the vm's running clone job, if one exists.
+ { # CloneJob describes the process of creating a clone of a MigratingVM to the requested target based on the latest successful uploaded snapshots. While the migration cycles of a MigratingVm take place, it is possible to verify the uploaded VM can be started in the cloud, by creating a clone. The clone can be created without any downtime, and it is created using the latest snapshots which are already in the cloud. The cloneJob is only responsible for its work, not its products, which means once it is finished, it will never touch the instance it created. It will only delete it in case of the CloneJob being cancelled or upon failure to clone.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the clone job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Clone Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # The name of the clone.
+ "state": "A String", # Output only. State of the clone job.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this clone job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "recentCutoverJobs": [ # Output only. The recent cutover jobs performed on the migrating VM. This field holds the vm's last completed cutover job and the vm's running cutover job, if one exists.
+ { # CutoverJob message describes a cutover of a migrating VM. The CutoverJob is the operation of shutting down the VM, creating a snapshot and clonning the VM using the replicated snapshot.
+ "computeEngineTargetDetails": { # ComputeEngineTargetDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the target VM in Compute Engine.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The GCP target project ID or project name.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "vmName": "A String", # The name of the VM to create.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "computeEngineVmDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM in Compute Engine. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "createTime": "A String", # Output only. The time the cutover job was created (as an API call, not when it was actually created in the target).
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details for the errors that led to the Cutover Job's state.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "name": "A String", # Output only. The name of the cutover job.
+ "progress": 42, # Output only. The current progress in percentage of the cutover job.
+ "progressPercent": 42, # Output only. The current progress in percentage of the cutover job.
+ "state": "A String", # Output only. State of the cutover job.
+ "stateMessage": "A String", # Output only. A message providing possible extra details about the current state.
+ "stateTime": "A String", # Output only. The time the state was last updated.
+ "targetDetails": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # Output only. Details of the VM to create as the target of this cutover job. Deprecated: Use compute_engine_target_details instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ },
+ ],
+ "sourceVmId": "A String", # The unique ID of the VM in the source. The VM's name in vSphere can be changed, so this is not the VM's name but rather its moRef id. This id is of the form vm-.
+ "state": "A String", # Output only. State of the MigratingVm.
+ "stateTime": "A String", # Output only. The last time the migrating VM state was updated.
+ "targetDefaults": { # TargetVMDetails is a collection of details for creating a VM in a target Compute Engine project. # The default configuration of the target VM that will be created in GCP as a result of the migration. Deprecated: Use compute_engine_target_defaults instead.
+ "appliedLicense": { # AppliedLicense holds the license data returned by adaptation module report. # Output only. The OS license returned from the adaptation module report.
+ "osLicense": "A String", # The OS license returned from the adaptation module's report.
+ "type": "A String", # The license type that was used in OS adaptation.
+ },
+ "bootOption": "A String", # Output only. The VM Boot Option, as set in the source vm.
+ "computeScheduling": { # Scheduling information for VM on maintenance/restart behaviour and node allocation in sole tenant nodes. # Compute instance scheduling information (if empty default is used).
+ "automaticRestart": True or False,
+ "minNodeCpus": 42, # The minimum number of virtual CPUs this instance will consume when running on a sole-tenant node. Ignored if no node_affinites are configured.
+ "nodeAffinities": [ # A set of node affinity and anti-affinity configurations for sole tenant nodes.
+ { # Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled. Based on https://cloud.google.com/compute/docs/reference/rest/v1/instances/setScheduling
+ "key": "A String", # The label key of Node resource to reference.
+ "operator": "A String", # The operator to use for the node resources specified in the `values` parameter.
+ "values": [ # Corresponds to the label values of Node resource.
+ "A String",
+ ],
+ },
+ ],
+ "onHostMaintenance": "A String", # How the instance should behave when the host machine undergoes maintenance that may temporarily impact instance performance.
+ "restartType": "A String", # Whether the Instance should be automatically restarted whenever it is terminated by Compute Engine (not terminated by user). This configuration is identical to `automaticRestart` field in Compute Engine create instance under scheduling. It was changed to an enum (instead of a boolean) to match the default value in Compute Engine which is automatic restart.
+ },
+ "diskType": "A String", # The disk type to use in the VM.
+ "externalIp": "A String", # The external IP to define in the VM.
+ "internalIp": "A String", # The internal IP to define in the VM. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "labels": { # A map of labels to associate with the VM.
+ "a_key": "A String",
+ },
+ "licenseType": "A String", # The license type to use in OS adaptation.
+ "machineType": "A String", # The machine type to create the VM with.
+ "machineTypeSeries": "A String", # The machine type series to create the VM with.
+ "metadata": { # The metadata key/value pairs to assign to the VM.
+ "a_key": "A String",
+ },
+ "name": "A String", # The name of the VM to create.
+ "network": "A String", # The network to connect the VM to.
+ "networkInterfaces": [ # List of NICs connected to this VM.
+ { # NetworkInterface represents a NIC of a VM.
+ "externalIp": "A String", # The external IP to define in the NIC.
+ "internalIp": "A String", # The internal IP to define in the NIC. The formats accepted are: `ephemeral` \ ipv4 address \ a named address resource full path.
+ "network": "A String", # The network to connect the NIC to.
+ "subnetwork": "A String", # The subnetwork to connect the NIC to.
+ },
+ ],
+ "networkTags": [ # A map of network tags to associate with the VM.
+ "A String",
+ ],
+ "project": "A String", # The project in which to create the VM.
+ "secureBoot": True or False, # Defines whether the instance has Secure Boot enabled. This can be set to true only if the vm boot option is EFI.
+ "serviceAccount": "A String", # The service account to associate the VM with.
+ "subnetwork": "A String", # The subnetwork to connect the VM to.
+ "targetProject": "A String", # The full path of the resource of type TargetProject which represents the Compute Engine project in which to create this VM.
+ "zone": "A String", # The zone in which to create the VM.
+ },
+ "updateTime": "A String", # Output only. The last time the migrating VM resource was updated.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the MigratingVm resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="pauseMigration">pauseMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Pauses a migration for a VM. If cycle tasks are running they will be cancelled, preserving source task data. Further replication cycles will not be triggered while the VM is paused.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'PauseMigration' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="resumeMigration">resumeMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Resumes a migration for a VM. When called on a paused migration, will start the process of uploading data and creating snapshots; when called on a completed cut-over migration, will update the migration to active state and start the process of uploading data and creating snapshots.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'ResumeMigration' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="startMigration">startMigration(migratingVm, body=None, x__xgafv=None)</code>
+ <pre>Starts migration for a VM. Starts the process of uploading data and creating snapshots, in replication cycles scheduled by the policy.
+
+Args:
+ migratingVm: string, Required. The name of the MigratingVm. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Request message for 'StartMigrationRequest' request.
+}
+
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.utilizationReports.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.utilizationReports.html
new file mode 100644
index 0000000..b6246fe
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.sources.utilizationReports.html
@@ -0,0 +1,420 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.html">sources</a> . <a href="vmmigration_v1alpha1.projects.locations.sources.utilizationReports.html">utilizationReports</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, requestId=None, utilizationReportId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new UtilizationReport.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single Utilization Report.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, view=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets a single Utilization Report.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists Utilization Reports of the given Source.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, requestId=None, utilizationReportId=None, x__xgafv=None)</code>
+ <pre>Creates a new UtilizationReport.
+
+Args:
+ parent: string, Required. The Utilization Report's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # Utilization report details the utilization (CPU, memory, etc.) of selected source VMs.
+ "createTime": "A String", # Output only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
+ "displayName": "A String", # The report display name, as assigned by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the report in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "frameEndTime": "A String", # Output only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
+ "name": "A String", # Output only. The report unique name.
+ "state": "A String", # Output only. Current state of the report.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "timeFrame": "A String", # Time frame of the report.
+ "vmCount": 42, # Output only. Total number of VMs included in the report.
+ "vms": [ # List of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
+ { # Utilization information of a single VM.
+ "utilization": { # Utilization metrics values for a single VM. # Utilization metrics for this VM.
+ "cpuAverage": 42, # Average CPU usage, percent.
+ "cpuAveragePercent": 42, # Average CPU usage, percent.
+ "cpuMax": 42, # Max CPU usage, percent.
+ "cpuMaxPercent": 42, # Max CPU usage, percent.
+ "diskIoRateAverage": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateAverageKbps": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateMax": "A String", # Max disk IO rate, in kilobytes per second.
+ "diskIoRateMaxKbps": "A String", # Max disk IO rate, in kilobytes per second.
+ "memoryAverage": 42, # Average memory usage, percent.
+ "memoryAveragePercent": 42, # Average memory usage, percent.
+ "memoryMax": 42, # Max memory usage, percent.
+ "memoryMaxPercent": 42, # Max memory usage, percent.
+ "networkThroughputAverage": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputAverageKbps": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMax": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMaxKbps": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ },
+ "vmId": "A String", # The VM's ID in the source.
+ "vmwareVmDetails": { # VmwareVmDetails describes a VM in vCenter. # The description of the VM in a Source of type Vmware.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorage": "A String", # The total size of the storage allocated to the VM in MB.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ },
+ ],
+ "vmsCount": 42, # Output only. Total number of VMs included in the report.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ utilizationReportId: string, Required. The ID to use for the report, which will become the final component of the reports's resource name. This value maximum length is 63 characters, and valid characters are /a-z-/. It must start with an english letter and must not end with a hyphen.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single Utilization Report.
+
+Args:
+ name: string, Required. The Utilization Report name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, view=None, x__xgafv=None)</code>
+ <pre>Gets a single Utilization Report.
+
+Args:
+ name: string, Required. The Utilization Report name. (required)
+ view: string, Optional. The level of details of the report. Defaults to FULL
+ Allowed values
+ UTILIZATION_REPORT_VIEW_UNSPECIFIED - The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
+ BASIC - Get the report metadata, without the list of VMs and their utilization info.
+ FULL - Include everything.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Utilization report details the utilization (CPU, memory, etc.) of selected source VMs.
+ "createTime": "A String", # Output only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
+ "displayName": "A String", # The report display name, as assigned by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the report in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "frameEndTime": "A String", # Output only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
+ "name": "A String", # Output only. The report unique name.
+ "state": "A String", # Output only. Current state of the report.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "timeFrame": "A String", # Time frame of the report.
+ "vmCount": 42, # Output only. Total number of VMs included in the report.
+ "vms": [ # List of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
+ { # Utilization information of a single VM.
+ "utilization": { # Utilization metrics values for a single VM. # Utilization metrics for this VM.
+ "cpuAverage": 42, # Average CPU usage, percent.
+ "cpuAveragePercent": 42, # Average CPU usage, percent.
+ "cpuMax": 42, # Max CPU usage, percent.
+ "cpuMaxPercent": 42, # Max CPU usage, percent.
+ "diskIoRateAverage": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateAverageKbps": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateMax": "A String", # Max disk IO rate, in kilobytes per second.
+ "diskIoRateMaxKbps": "A String", # Max disk IO rate, in kilobytes per second.
+ "memoryAverage": 42, # Average memory usage, percent.
+ "memoryAveragePercent": 42, # Average memory usage, percent.
+ "memoryMax": 42, # Max memory usage, percent.
+ "memoryMaxPercent": 42, # Max memory usage, percent.
+ "networkThroughputAverage": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputAverageKbps": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMax": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMaxKbps": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ },
+ "vmId": "A String", # The VM's ID in the source.
+ "vmwareVmDetails": { # VmwareVmDetails describes a VM in vCenter. # The description of the VM in a Source of type Vmware.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorage": "A String", # The total size of the storage allocated to the VM in MB.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ },
+ ],
+ "vmsCount": 42, # Output only. Total number of VMs included in the report.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)</code>
+ <pre>Lists Utilization Reports of the given Source.
+
+Args:
+ parent: string, Required. The Utilization Reports parent. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of reports to return. The service may return fewer than this value. If unspecified, at most 500 reports will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListUtilizationReports` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListUtilizationReports` must match the call that provided the page token.
+ view: string, Optional. The level of details of each report. Defaults to BASIC.
+ Allowed values
+ UTILIZATION_REPORT_VIEW_UNSPECIFIED - The default / unset value. The API will default to FULL on single report request and BASIC for multiple reports request.
+ BASIC - Get the report metadata, without the list of VMs and their utilization info.
+ FULL - Include everything.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListUtilizationReports' request.
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+ "utilizationReports": [ # Output only. The list of reports.
+ { # Utilization report details the utilization (CPU, memory, etc.) of selected source VMs.
+ "createTime": "A String", # Output only. The time the report was created (this refers to the time of the request, not the time the report creation completed).
+ "displayName": "A String", # The report display name, as assigned by the user.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Output only. Provides details on the state of the report in case of an error.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "frameEndTime": "A String", # Output only. The point in time when the time frame ends. Notice that the time frame is counted backwards. For instance if the "frame_end_time" value is 2021/01/20 and the time frame is WEEK then the report covers the week between 2021/01/20 and 2021/01/14.
+ "name": "A String", # Output only. The report unique name.
+ "state": "A String", # Output only. Current state of the report.
+ "stateTime": "A String", # Output only. The time the state was last set.
+ "timeFrame": "A String", # Time frame of the report.
+ "vmCount": 42, # Output only. Total number of VMs included in the report.
+ "vms": [ # List of utilization information per VM. When sent as part of the request, the "vm_id" field is used in order to specify which VMs to include in the report. In that case all other fields are ignored.
+ { # Utilization information of a single VM.
+ "utilization": { # Utilization metrics values for a single VM. # Utilization metrics for this VM.
+ "cpuAverage": 42, # Average CPU usage, percent.
+ "cpuAveragePercent": 42, # Average CPU usage, percent.
+ "cpuMax": 42, # Max CPU usage, percent.
+ "cpuMaxPercent": 42, # Max CPU usage, percent.
+ "diskIoRateAverage": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateAverageKbps": "A String", # Average disk IO rate, in kilobytes per second.
+ "diskIoRateMax": "A String", # Max disk IO rate, in kilobytes per second.
+ "diskIoRateMaxKbps": "A String", # Max disk IO rate, in kilobytes per second.
+ "memoryAverage": 42, # Average memory usage, percent.
+ "memoryAveragePercent": 42, # Average memory usage, percent.
+ "memoryMax": 42, # Max memory usage, percent.
+ "memoryMaxPercent": 42, # Max memory usage, percent.
+ "networkThroughputAverage": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputAverageKbps": "A String", # Average network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMax": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ "networkThroughputMaxKbps": "A String", # Max network throughput (combined transmit-rates and receive-rates), in kilobytes per second.
+ },
+ "vmId": "A String", # The VM's ID in the source.
+ "vmwareVmDetails": { # VmwareVmDetails describes a VM in vCenter. # The description of the VM in a Source of type Vmware.
+ "bootOption": "A String", # Output only. The VM Boot Option.
+ "committedStorage": "A String", # The total size of the storage allocated to the VM in MB.
+ "committedStorageMb": "A String", # The total size of the storage allocated to the VM in MB.
+ "cpuCount": 42, # The number of cpus in the VM.
+ "datacenterDescription": "A String", # The descriptive name of the vCenter's datacenter this VM is contained in.
+ "datacenterId": "A String", # The id of the vCenter's datacenter this VM is contained in.
+ "diskCount": 42, # The number of disks the VM has.
+ "displayName": "A String", # The display name of the VM. Note that this is not necessarily unique.
+ "guestDescription": "A String", # The VM's OS. See for example https://pubs.vmware.com/vi-sdk/visdk250/ReferenceGuide/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html for types of strings this might hold.
+ "memoryMb": 42, # The size of the memory of the VM in MB.
+ "powerState": "A String", # The power state of the VM at the moment list was taken.
+ "uuid": "A String", # The unique identifier of the VM in vCenter.
+ "vmId": "A String", # The VM's id in the source (note that this is not the MigratingVm's id). This is the moref id of the VM.
+ },
+ },
+ ],
+ "vmsCount": 42, # Output only. Total number of VMs included in the report.
+ },
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+</body></html>
\ No newline at end of file
diff --git a/docs/dyn/vmmigration_v1alpha1.projects.locations.targetProjects.html b/docs/dyn/vmmigration_v1alpha1.projects.locations.targetProjects.html
new file mode 100644
index 0000000..74fc259
--- /dev/null
+++ b/docs/dyn/vmmigration_v1alpha1.projects.locations.targetProjects.html
@@ -0,0 +1,308 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="vmmigration_v1alpha1.html">VM Migration API</a> . <a href="vmmigration_v1alpha1.projects.html">projects</a> . <a href="vmmigration_v1alpha1.projects.locations.html">locations</a> . <a href="vmmigration_v1alpha1.projects.locations.targetProjects.html">targetProjects</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#close">close()</a></code></p>
+<p class="firstline">Close httplib2 connections.</p>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, requestId=None, targetProjectId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Creates a new TargetProject in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, requestId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Deletes a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Gets details of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Lists TargetProjects in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the parameters of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="close">close()</code>
+ <pre>Close httplib2 connections.</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, requestId=None, targetProjectId=None, x__xgafv=None)</code>
+ <pre>Creates a new TargetProject in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ parent: string, Required. The TargetProject's parent. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ targetProjectId: string, Required. The target_project identifier.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, requestId=None, x__xgafv=None)</code>
+ <pre>Deletes a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ name: string, Required. The TargetProject name. (required)
+ requestId: string, Optional. A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Gets details of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ name: string, Required. The TargetProject name. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
+ <pre>Lists TargetProjects in a given project. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ parent: string, Required. The parent, which owns this collection of targets. (required)
+ filter: string, Optional. The filter request.
+ orderBy: string, Optional. the order by fields for the result.
+ pageSize: integer, Optional. The maximum number of targets to return. The service may return fewer than this value. If unspecified, at most 500 targets will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
+ pageToken: string, Required. A page token, received from a previous `ListTargets` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListTargets` must match the call that provided the page token.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # Response message for 'ListTargetProjects' call.
+ "nextPageToken": "A String", # Output only. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
+ "targetProjects": [ # Output only. The list of target response.
+ { # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+ },
+ ],
+ "unreachable": [ # Output only. Locations that could not be reached.
+ "A String",
+ ],
+}</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Updates the parameters of a single TargetProject. NOTE: TargetProject is a global resource; hence the only supported value for location is `global`.
+
+Args:
+ name: string, The name of the target project. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # TargetProject message represents a target Compute Engine project for a migration or a clone.
+ "createTime": "A String", # Output only. The time this target project resource was created (not related to when the Compute Engine project it points to was created).
+ "description": "A String", # The target project's description.
+ "name": "A String", # The name of the target project.
+ "project": "A String", # The target project ID (number) or project name.
+ "updateTime": "A String", # Output only. The last time the target project resource was updated.
+}
+
+ requestId: string, A request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and t he request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+ updateMask: string, Field mask is used to specify the fields to be overwritten in the TargetProject resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the user does not provide a mask then all fields will be overwritten.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # This resource represents a long-running operation that is the result of a network API call.
+ "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+ "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+ "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+ "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+ },
+ "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+ "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+}</pre>
+</div>
+
+</body></html>
\ No newline at end of file