Blame - docs/dyn/bigqueryconnection_v1beta1.projects.locations.connections.html - platform/external/python/google-api-python-client

2020-07-22 17:02:09 -0700

[diff] [blame]

90

<code><a href="#list">list(parent, pageToken=None, maxResults=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

91

<p class="firstline">Returns a list of connections in the given project.</p>

92

93

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

94

<p class="firstline">Retrieves the next page of results.</p>

95

96

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

97

<p class="firstline">Updates the specified connection. For security reasons, also resets</p>

98

99

<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

100

<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>

101

102

<code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>

103

<p class="firstline">Returns permissions that a caller has on the specified resource.</p>

104

105

<code><a href="#updateCredential">updateCredential(name, body=None, x__xgafv=None)</a></code></p>

106

<p class="firstline">Sets the credential for the specified connection.</p>

107

<h3>Method Details</h3>

108

109

<code class="details" id="create">create(parent, body=None, connectionId=None, x__xgafv=None)</code>

110

<pre>Creates a new connection.

111

112

Args:

113

parent: string, Required. Parent resource name.

114

Must be in the format `projects/{project_id}/locations/{location_id}` (required)

115

body: object, The request body.

116

The object takes the form of:

117

118

{ # Configuration parameters to establish connection with an external data

119

# source, except the credential attributes.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

120

"creationTime": "A String", # Output only. The creation timestamp of the connection.

121

"name": "A String", # The resource name of the connection in the form of:

122

# `projects/{project_id}/locations/{location_id}/connections/{connection_id}`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

123

"cloudSql": { # Connection properties specific to the Cloud SQL. # Cloud SQL properties.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

124

"database": "A String", # Database name.

125

"instanceId": "A String", # Cloud SQL instance ID in the form `project:location:instance`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

126

"type": "A String", # Type of the Cloud SQL database.

127

"credential": { # Credential info for the Cloud SQL. # Input only. Cloud SQL credential.

128

"password": "A String", # The password for the credential.

129

"username": "A String", # The username for the credential.

130

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

131

},

132

"hasCredential": True or False, # Output only. True, if credential is configured for this connection.

133

"friendlyName": "A String", # User provided display name for the connection.

134

"lastModifiedTime": "A String", # Output only. The last update timestamp of the connection.

135

"description": "A String", # User provided description.

136

}

137

138

connectionId: string, Optional. Connection id that should be assigned to the created connection.

139

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

146

147

{ # Configuration parameters to establish connection with an external data

148

# source, except the credential attributes.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

149

"creationTime": "A String", # Output only. The creation timestamp of the connection.

150

"name": "A String", # The resource name of the connection in the form of:

151

# `projects/{project_id}/locations/{location_id}/connections/{connection_id}`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

152

"cloudSql": { # Connection properties specific to the Cloud SQL. # Cloud SQL properties.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

153

"database": "A String", # Database name.

154

"instanceId": "A String", # Cloud SQL instance ID in the form `project:location:instance`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

155

"type": "A String", # Type of the Cloud SQL database.

156

"credential": { # Credential info for the Cloud SQL. # Input only. Cloud SQL credential.

157

"password": "A String", # The password for the credential.

158

"username": "A String", # The username for the credential.

159

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

160

},

161

"hasCredential": True or False, # Output only. True, if credential is configured for this connection.

162

"friendlyName": "A String", # User provided display name for the connection.

163

"lastModifiedTime": "A String", # Output only. The last update timestamp of the connection.

164

"description": "A String", # User provided description.

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

170

<pre>Deletes connection and associated credential.

Args:

`projects/{project_id}/locations/{location_id}/connections/{connection_id}` (required)

175

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

182

183

{ # A generic empty message that you can re-use to avoid defining duplicated

184

# empty messages in your APIs. A typical example is to use it as the request

185

# or the response type of an API method. For instance:

186

#

187

# service Foo {

188

# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);

189

# }

190

#

191

# The JSON representation for `Empty` is empty JSON object `{}`.

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

197

<pre>Returns specified connection.

Args:

`projects/{project_id}/locations/{location_id}/connections/{connection_id}` (required)

202

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

209

210

{ # Configuration parameters to establish connection with an external data

211

# source, except the credential attributes.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

212

"creationTime": "A String", # Output only. The creation timestamp of the connection.

213

"name": "A String", # The resource name of the connection in the form of:

214

# `projects/{project_id}/locations/{location_id}/connections/{connection_id}`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

215

"cloudSql": { # Connection properties specific to the Cloud SQL. # Cloud SQL properties.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

216

"database": "A String", # Database name.

217

"instanceId": "A String", # Cloud SQL instance ID in the form `project:location:instance`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

218

"type": "A String", # Type of the Cloud SQL database.

219

"credential": { # Credential info for the Cloud SQL. # Input only. Cloud SQL credential.

220

"password": "A String", # The password for the credential.

221

"username": "A String", # The username for the credential.

222

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

223

},

224

"hasCredential": True or False, # Output only. True, if credential is configured for this connection.

225

"friendlyName": "A String", # User provided display name for the connection.

226

"lastModifiedTime": "A String", # Output only. The last update timestamp of the connection.

227

"description": "A String", # User provided description.

}</pre>

</div>

<code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>

233

<pre>Gets the access control policy for a resource.

234

Returns an empty policy if the resource exists and does not have a policy

set.

Args:

resource: string, REQUIRED: The resource for which the policy is being requested.

239

See the operation documentation for the appropriate value for this field. (required)

240

body: object, The request body.

241

The object takes the form of:

242

243

{ # Request message for `GetIamPolicy` method.

244

"options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to

245

# `GetIamPolicy`.

246

"requestedPolicyVersion": 42, # Optional. The policy format version to be returned.

247

#

248

# Valid values are 0, 1, and 3. Requests specifying an invalid value will be

249

# rejected.

250

#

251

# Requests for policies with any conditional bindings must specify version 3.

252

# Policies without any conditional bindings may specify any valid value or

253

# leave the field unset.

254

#

255

# To learn which resources support conditions in their IAM policies, see the

256

# [IAM

257

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

},

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

268

269

{ # An Identity and Access Management (IAM) policy, which specifies access

270

# controls for Google Cloud resources.

271

#

272

#

273

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

274

# `members` to a single `role`. Members can be user accounts, service accounts,

275

# Google groups, and domains (such as G Suite). A `role` is a named list of

276

# permissions; each `role` can be an IAM predefined role or a user-created

277

# custom role.

278

#

279

# For some types of Google Cloud resources, a `binding` can also specify a

280

# `condition`, which is a logical expression that allows access to a resource

281

# only if the expression evaluates to `true`. A condition can add constraints

282

# based on attributes of the request, the resource, or both. To learn which

283

# resources support conditions in their IAM policies, see the

284

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

292

# "members": [

293

# "user:mike@example.com",

294

# "group:admins@example.com",

295

# "domain:google.com",

296

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

301

# "members": [

302

# "user:eve@example.com"

303

# ],

304

# "condition": {

305

# "title": "expirable access",

306

# "description": "Does not grant access after Sep 2020",

307

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

320

# - group:admins@example.com

321

# - domain:google.com

322

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

323

# role: roles/resourcemanager.organizationAdmin

324

# - members:

325

# - user:eve@example.com

326

# role: roles/resourcemanager.organizationViewer

327

# condition:

328

# title: expirable access

329

# description: Does not grant access after Sep 2020

330

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

331

# - etag: BwWWja0YfJA=

332

# - version: 3

333

#

334

# For a description of IAM and its features, see the

335

# [IAM documentation](https://cloud.google.com/iam/docs/).

336

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

337

# prevent simultaneous updates of a policy from overwriting each other.

338

# It is strongly suggested that systems make use of the `etag` in the

339

# read-modify-write cycle to perform policy updates in order to avoid race

340

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

341

# systems are expected to put that etag in the request to `setIamPolicy` to

342

# ensure that their change will be applied to the same version of the policy.

343

#

344

# **Important:** If you use IAM Conditions, you must include the `etag` field

345

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

346

# you to overwrite a version `3` policy with a version `1` policy, and all of

347

# the conditions in the version `3` policy are lost.

348

"version": 42, # Specifies the format of the policy.

349

#

350

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

351

# are rejected.

352

#

353

# Any operation that affects conditional role bindings must specify version

354

# `3`. This requirement applies to the following operations:

355

#

356

# * Getting a policy that includes a conditional role binding

357

# * Adding a conditional role binding to a policy

358

# * Changing a conditional role binding in a policy

359

# * Removing any role binding, with or without a condition, from a policy

360

# that includes conditions

361

#

362

# **Important:** If you use IAM Conditions, you must include the `etag` field

363

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

364

# you to overwrite a version `3` policy with a version `1` policy, and all of

365

# the conditions in the version `3` policy are lost.

366

#

367

# If a policy does not include any conditions, operations on that policy may

368

# specify any valid version or leave the field unset.

369

#

370

# To learn which resources support conditions in their IAM policies, see the

371

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

372

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

373

{ # Specifies the audit configuration for a service.

374

# The configuration determines which permission types are logged, and what

375

# identities, if any, are exempted from logging.

376

# An AuditConfig must have one or more AuditLogConfigs.

377

#

378

# If there are AuditConfigs for both `allServices` and a specific service,

379

# the union of the two AuditConfigs is used for that service: the log_types

380

# specified in each AuditConfig are enabled, and the exempted_members in each

381

# AuditLogConfig are exempted.

382

#

383

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

388

# "service": "allServices",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

389

# "audit_log_configs": [

390

# {

391

# "log_type": "DATA_READ",

392

# "exempted_members": [

393

# "user:jose@example.com"

394

# ]

395

# },

396

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

397

# "log_type": "DATA_WRITE"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

398

# },

399

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

400

# "log_type": "ADMIN_READ"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

# }

# ]

# },

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

405

# "service": "sampleservice.googleapis.com",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

406

# "audit_log_configs": [

407

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

408

# "log_type": "DATA_READ"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

409

# },

410

# {

411

# "log_type": "DATA_WRITE",

412

# "exempted_members": [

413

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

422

# logging. It also exempts jose@example.com from DATA_READ logging, and

423

# aliya@example.com from DATA_WRITE logging.

424

"service": "A String", # Specifies a service that will be enabled for audit logging.

425

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

426

# `allServices` is a special value that covers all services.

427

"auditLogConfigs": [ # The configuration for logging of each type of permission.

428

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

433

# {

434

# "log_type": "DATA_READ",

435

# "exempted_members": [

436

# "user:jose@example.com"

437

# ]

438

# },

439

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

440

# "log_type": "DATA_WRITE"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

446

# jose@example.com from DATA_READ logging.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

447

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

448

# permission.

449

# Follows the same format of Binding.members.

450

"A String",

451

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

452

"logType": "A String", # The log type that this config enables.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

},

],

},

],

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

458

# `condition` that determines how and when the `bindings` are applied. Each

459

# of the `bindings` must contain at least one member.

460

{ # Associates `members` with a `role`.

461

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

462

#

463

# If the condition evaluates to `true`, then this binding applies to the

464

# current request.

465

#

466

# If the condition evaluates to `false`, then this binding does not apply to

467

# the current request. However, a different role binding might grant the same

468

# role to one or more of the members in this binding.

469

#

470

# To learn which resources support conditions in their IAM policies, see the

471

# [IAM

472

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

473

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

474

# are documented at https://github.com/google/cel-spec.

475

#

476

# Example (Comparison):

477

#

478

# title: "Summary size limit"

479

# description: "Determines if a summary is less than 100 chars"

480

# expression: "document.summary.size() < 100"

481

#

482

# Example (Equality):

483

#

484

# title: "Requestor is owner"

485

# description: "Determines if requestor is the document owner"

486

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

491

# description: "Determine whether the document should be publicly visible"

492

# expression: "document.type != 'private' && document.type != 'internal'"

493

#

494

# Example (Data Manipulation):

495

#

496

# title: "Notification string"

497

# description: "Create a notification string with a timestamp."

498

# expression: "'New message received at ' + string(document.create_time)"

499

#

500

# The exact variables and functions that may be referenced within an expression

501

# are determined by the service that evaluates it. See the service

502

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

503

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

504

# its purpose. This can be used e.g. in UIs which allow to enter the

505

# expression.

506

"location": "A String", # Optional. String indicating the location of the expression for error

507

# reporting, e.g. a file name and a position in the file.

508

"description": "A String", # Optional. Description of the expression. This is a longer text which

509

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

510

"expression": "A String", # Textual representation of an expression in Common Expression Language

511

# syntax.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

512

},

513

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

514

# `members` can have the following values:

515

#

516

# * `allUsers`: A special identifier that represents anyone who is

517

# on the internet; with or without a Google account.

518

#

519

# * `allAuthenticatedUsers`: A special identifier that represents anyone

520

# who is authenticated with a Google account or a service account.

521

#

522

# * `user:{emailid}`: An email address that represents a specific Google

523

# account. For example, `alice@example.com` .

524

#

525

#

526

# * `serviceAccount:{emailid}`: An email address that represents a service

527

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

528

#

529

# * `group:{emailid}`: An email address that represents a Google group.

530

# For example, `admins@example.com`.

531

#

532

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

533

# identifier) representing a user that has been recently deleted. For

534

# example, `alice@example.com?uid=123456789012345678901`. If the user is

535

# recovered, this value reverts to `user:{emailid}` and the recovered user

536

# retains the role in the binding.

537

#

538

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

539

# unique identifier) representing a service account that has been recently

540

# deleted. For example,

541

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

542

# If the service account is undeleted, this value reverts to

543

# `serviceAccount:{emailid}` and the undeleted service account retains the

544

# role in the binding.

545

#

546

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

547

# identifier) representing a Google group that has been recently

548

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

549

# the group is recovered, this value reverts to `group:{emailid}` and the

550

# recovered group retains the role in the binding.

551

#

552

#

553

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

554

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"role": "A String", # Role that is assigned to `members`.

559

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

},

],

}</pre>

</div>

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

566

<code class="details" id="list">list(parent, pageToken=None, maxResults=None, x__xgafv=None)</code>

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

567

<pre>Returns a list of connections in the given project.

568

569

Args:

570

parent: string, Required. Parent resource name.

571

Must be in the form: `projects/{project_id}/locations/{location_id}` (required)

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

572

pageToken: string, Page token.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

573

maxResults: integer, Required. Maximum number of results per page.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

574

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

581

582

{ # The response for ConnectionService.ListConnections.

583

"nextPageToken": "A String", # Next page token.

584

"connections": [ # List of connections.

585

{ # Configuration parameters to establish connection with an external data

586

# source, except the credential attributes.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

587

"creationTime": "A String", # Output only. The creation timestamp of the connection.

588

"name": "A String", # The resource name of the connection in the form of:

589

# `projects/{project_id}/locations/{location_id}/connections/{connection_id}`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

590

"cloudSql": { # Connection properties specific to the Cloud SQL. # Cloud SQL properties.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

591

"database": "A String", # Database name.

592

"instanceId": "A String", # Cloud SQL instance ID in the form `project:location:instance`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

593

"type": "A String", # Type of the Cloud SQL database.

594

"credential": { # Credential info for the Cloud SQL. # Input only. Cloud SQL credential.

595

"password": "A String", # The password for the credential.

596

"username": "A String", # The username for the credential.

597

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

598

},

599

"hasCredential": True or False, # Output only. True, if credential is configured for this connection.

600

"friendlyName": "A String", # User provided display name for the connection.

601

"lastModifiedTime": "A String", # Output only. The last update timestamp of the connection.

602

"description": "A String", # User provided description.

},

],

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

610

<pre>Retrieves the next page of results.

611

612

Args:

613

previous_request: The request for the previous page. (required)

614

previous_response: The response from the request for the previous page. (required)

615

616

Returns:

617

A request object that you can call 'execute()' on to request the next

618

page. Returns None if there are no more items in the collection.

</pre>

</div>

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

624

<pre>Updates the specified connection. For security reasons, also resets

625

credential if connection properties are in the update field mask.

Args:

`projects/{project_id}/locations/{location_id}/connections/{connection_id}` (required)

630

body: object, The request body.

631

The object takes the form of:

632

633

{ # Configuration parameters to establish connection with an external data

634

# source, except the credential attributes.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

635

"creationTime": "A String", # Output only. The creation timestamp of the connection.

636

"name": "A String", # The resource name of the connection in the form of:

637

# `projects/{project_id}/locations/{location_id}/connections/{connection_id}`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

638

"cloudSql": { # Connection properties specific to the Cloud SQL. # Cloud SQL properties.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

639

"database": "A String", # Database name.

640

"instanceId": "A String", # Cloud SQL instance ID in the form `project:location:instance`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

641

"type": "A String", # Type of the Cloud SQL database.

642

"credential": { # Credential info for the Cloud SQL. # Input only. Cloud SQL credential.

643

"password": "A String", # The password for the credential.

644

"username": "A String", # The username for the credential.

645

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

646

},

647

"hasCredential": True or False, # Output only. True, if credential is configured for this connection.

648

"friendlyName": "A String", # User provided display name for the connection.

649

"lastModifiedTime": "A String", # Output only. The last update timestamp of the connection.

650

"description": "A String", # User provided description.

651

}

652

653

updateMask: string, Required. Update mask for the connection fields to be updated.

654

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

661

662

{ # Configuration parameters to establish connection with an external data

663

# source, except the credential attributes.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

664

"creationTime": "A String", # Output only. The creation timestamp of the connection.

665

"name": "A String", # The resource name of the connection in the form of:

666

# `projects/{project_id}/locations/{location_id}/connections/{connection_id}`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

667

"cloudSql": { # Connection properties specific to the Cloud SQL. # Cloud SQL properties.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

668

"database": "A String", # Database name.

669

"instanceId": "A String", # Cloud SQL instance ID in the form `project:location:instance`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

670

"type": "A String", # Type of the Cloud SQL database.

671

"credential": { # Credential info for the Cloud SQL. # Input only. Cloud SQL credential.

672

"password": "A String", # The password for the credential.

673

"username": "A String", # The username for the credential.

674

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

675

},

676

"hasCredential": True or False, # Output only. True, if credential is configured for this connection.

677

"friendlyName": "A String", # User provided display name for the connection.

678

"lastModifiedTime": "A String", # Output only. The last update timestamp of the connection.

679

"description": "A String", # User provided description.

}</pre>

</div>

<code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>

685

<pre>Sets the access control policy on the specified resource. Replaces any

686

existing policy.

687

688

Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

689

690

Args:

691

resource: string, REQUIRED: The resource for which the policy is being specified.

692

See the operation documentation for the appropriate value for this field. (required)

693

body: object, The request body.

694

The object takes the form of:

695

696

{ # Request message for `SetIamPolicy` method.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

697

"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only

698

# the fields in the mask will be modified. If no mask is provided, the

699

# following default mask is used:

700

#

701

# `paths: "bindings, etag"`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

702

"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of

703

# the policy is limited to a few 10s of KB. An empty policy is a

704

# valid policy but certain Cloud Platform services (such as Projects)

705

# might reject them.

706

# controls for Google Cloud resources.

707

#

708

#

709

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

710

# `members` to a single `role`. Members can be user accounts, service accounts,

711

# Google groups, and domains (such as G Suite). A `role` is a named list of

712

# permissions; each `role` can be an IAM predefined role or a user-created

713

# custom role.

714

#

715

# For some types of Google Cloud resources, a `binding` can also specify a

716

# `condition`, which is a logical expression that allows access to a resource

717

# only if the expression evaluates to `true`. A condition can add constraints

718

# based on attributes of the request, the resource, or both. To learn which

719

# resources support conditions in their IAM policies, see the

720

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

728

# "members": [

729

# "user:mike@example.com",

730

# "group:admins@example.com",

731

# "domain:google.com",

732

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

737

# "members": [

738

# "user:eve@example.com"

739

# ],

740

# "condition": {

741

# "title": "expirable access",

742

# "description": "Does not grant access after Sep 2020",

743

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

756

# - group:admins@example.com

757

# - domain:google.com

758

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

759

# role: roles/resourcemanager.organizationAdmin

760

# - members:

761

# - user:eve@example.com

762

# role: roles/resourcemanager.organizationViewer

763

# condition:

764

# title: expirable access

765

# description: Does not grant access after Sep 2020

766

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

767

# - etag: BwWWja0YfJA=

768

# - version: 3

769

#

770

# For a description of IAM and its features, see the

771

# [IAM documentation](https://cloud.google.com/iam/docs/).

772

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

773

# prevent simultaneous updates of a policy from overwriting each other.

774

# It is strongly suggested that systems make use of the `etag` in the

775

# read-modify-write cycle to perform policy updates in order to avoid race

776

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

777

# systems are expected to put that etag in the request to `setIamPolicy` to

778

# ensure that their change will be applied to the same version of the policy.

779

#

780

# **Important:** If you use IAM Conditions, you must include the `etag` field

781

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

782

# you to overwrite a version `3` policy with a version `1` policy, and all of

783

# the conditions in the version `3` policy are lost.

784

"version": 42, # Specifies the format of the policy.

785

#

786

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

787

# are rejected.

788

#

789

# Any operation that affects conditional role bindings must specify version

790

# `3`. This requirement applies to the following operations:

791

#

792

# * Getting a policy that includes a conditional role binding

793

# * Adding a conditional role binding to a policy

794

# * Changing a conditional role binding in a policy

795

# * Removing any role binding, with or without a condition, from a policy

796

# that includes conditions

797

#

798

# **Important:** If you use IAM Conditions, you must include the `etag` field

799

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

800

# you to overwrite a version `3` policy with a version `1` policy, and all of

801

# the conditions in the version `3` policy are lost.

802

#

803

# If a policy does not include any conditions, operations on that policy may

804

# specify any valid version or leave the field unset.

805

#

806

# To learn which resources support conditions in their IAM policies, see the

807

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

808

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

809

{ # Specifies the audit configuration for a service.

810

# The configuration determines which permission types are logged, and what

811

# identities, if any, are exempted from logging.

812

# An AuditConfig must have one or more AuditLogConfigs.

813

#

814

# If there are AuditConfigs for both `allServices` and a specific service,

815

# the union of the two AuditConfigs is used for that service: the log_types

816

# specified in each AuditConfig are enabled, and the exempted_members in each

817

# AuditLogConfig are exempted.

818

#

819

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

824

# "service": "allServices",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

825

# "audit_log_configs": [

826

# {

827

# "log_type": "DATA_READ",

828

# "exempted_members": [

829

# "user:jose@example.com"

830

# ]

831

# },

832

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

833

# "log_type": "DATA_WRITE"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

834

# },

835

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

836

# "log_type": "ADMIN_READ"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

# }

# ]

# },

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

841

# "service": "sampleservice.googleapis.com",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

842

# "audit_log_configs": [

843

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

844

# "log_type": "DATA_READ"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

845

# },

846

# {

847

# "log_type": "DATA_WRITE",

848

# "exempted_members": [

849

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

858

# logging. It also exempts jose@example.com from DATA_READ logging, and

859

# aliya@example.com from DATA_WRITE logging.

860

"service": "A String", # Specifies a service that will be enabled for audit logging.

861

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

862

# `allServices` is a special value that covers all services.

863

"auditLogConfigs": [ # The configuration for logging of each type of permission.

864

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

869

# {

870

# "log_type": "DATA_READ",

871

# "exempted_members": [

872

# "user:jose@example.com"

873

# ]

874

# },

875

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

876

# "log_type": "DATA_WRITE"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

882

# jose@example.com from DATA_READ logging.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

883

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

884

# permission.

885

# Follows the same format of Binding.members.

886

"A String",

887

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

888

"logType": "A String", # The log type that this config enables.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

},

],

},

],

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

894

# `condition` that determines how and when the `bindings` are applied. Each

895

# of the `bindings` must contain at least one member.

896

{ # Associates `members` with a `role`.

897

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

898

#

899

# If the condition evaluates to `true`, then this binding applies to the

900

# current request.

901

#

902

# If the condition evaluates to `false`, then this binding does not apply to

903

# the current request. However, a different role binding might grant the same

904

# role to one or more of the members in this binding.

905

#

906

# To learn which resources support conditions in their IAM policies, see the

907

# [IAM

908

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

909

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

910

# are documented at https://github.com/google/cel-spec.

911

#

912

# Example (Comparison):

913

#

914

# title: "Summary size limit"

915

# description: "Determines if a summary is less than 100 chars"

916

# expression: "document.summary.size() < 100"

917

#

918

# Example (Equality):

919

#

920

# title: "Requestor is owner"

921

# description: "Determines if requestor is the document owner"

922

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

927

# description: "Determine whether the document should be publicly visible"

928

# expression: "document.type != 'private' && document.type != 'internal'"

929

#

930

# Example (Data Manipulation):

931

#

932

# title: "Notification string"

933

# description: "Create a notification string with a timestamp."

934

# expression: "'New message received at ' + string(document.create_time)"

935

#

936

# The exact variables and functions that may be referenced within an expression

937

# are determined by the service that evaluates it. See the service

938

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

939

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

940

# its purpose. This can be used e.g. in UIs which allow to enter the

941

# expression.

942

"location": "A String", # Optional. String indicating the location of the expression for error

943

# reporting, e.g. a file name and a position in the file.

944

"description": "A String", # Optional. Description of the expression. This is a longer text which

945

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

946

"expression": "A String", # Textual representation of an expression in Common Expression Language

947

# syntax.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

948

},

949

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

950

# `members` can have the following values:

951

#

952

# * `allUsers`: A special identifier that represents anyone who is

953

# on the internet; with or without a Google account.

954

#

955

# * `allAuthenticatedUsers`: A special identifier that represents anyone

956

# who is authenticated with a Google account or a service account.

957

#

958

# * `user:{emailid}`: An email address that represents a specific Google

959

# account. For example, `alice@example.com` .

960

#

961

#

962

# * `serviceAccount:{emailid}`: An email address that represents a service

963

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

964

#

965

# * `group:{emailid}`: An email address that represents a Google group.

966

# For example, `admins@example.com`.

967

#

968

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

969

# identifier) representing a user that has been recently deleted. For

970

# example, `alice@example.com?uid=123456789012345678901`. If the user is

971

# recovered, this value reverts to `user:{emailid}` and the recovered user

972

# retains the role in the binding.

973

#

974

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

975

# unique identifier) representing a service account that has been recently

976

# deleted. For example,

977

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

978

# If the service account is undeleted, this value reverts to

979

# `serviceAccount:{emailid}` and the undeleted service account retains the

980

# role in the binding.

981

#

982

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

983

# identifier) representing a Google group that has been recently

984

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

985

# the group is recovered, this value reverts to `group:{emailid}` and the

986

# recovered group retains the role in the binding.

987

#

988

#

989

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

990

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"role": "A String", # Role that is assigned to `members`.

995

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

996

},

997

],

998

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

999

}

1000

1001

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1008

1009

{ # An Identity and Access Management (IAM) policy, which specifies access

1010

# controls for Google Cloud resources.

1011

#

1012

#

1013

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1014

# `members` to a single `role`. Members can be user accounts, service accounts,

1015

# Google groups, and domains (such as G Suite). A `role` is a named list of

1016

# permissions; each `role` can be an IAM predefined role or a user-created

1017

# custom role.

1018

#

1019

# For some types of Google Cloud resources, a `binding` can also specify a

1020

# `condition`, which is a logical expression that allows access to a resource

1021

# only if the expression evaluates to `true`. A condition can add constraints

1022

# based on attributes of the request, the resource, or both. To learn which

1023

# resources support conditions in their IAM policies, see the

1024

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

1032

# "members": [

1033

# "user:mike@example.com",

1034

# "group:admins@example.com",

1035

# "domain:google.com",

1036

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

1041

# "members": [

1042

# "user:eve@example.com"

1043

# ],

1044

# "condition": {

1045

# "title": "expirable access",

1046

# "description": "Does not grant access after Sep 2020",

1047

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

1060

# - group:admins@example.com

1061

# - domain:google.com

1062

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1063

# role: roles/resourcemanager.organizationAdmin

1064

# - members:

1065

# - user:eve@example.com

1066

# role: roles/resourcemanager.organizationViewer

1067

# condition:

1068

# title: expirable access

1069

# description: Does not grant access after Sep 2020

1070

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

1071

# - etag: BwWWja0YfJA=

1072

# - version: 3

1073

#

1074

# For a description of IAM and its features, see the

1075

# [IAM documentation](https://cloud.google.com/iam/docs/).

1076

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1077

# prevent simultaneous updates of a policy from overwriting each other.

1078

# It is strongly suggested that systems make use of the `etag` in the

1079

# read-modify-write cycle to perform policy updates in order to avoid race

1080

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1081

# systems are expected to put that etag in the request to `setIamPolicy` to

1082

# ensure that their change will be applied to the same version of the policy.

1083

#

1084

# **Important:** If you use IAM Conditions, you must include the `etag` field

1085

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1086

# you to overwrite a version `3` policy with a version `1` policy, and all of

1087

# the conditions in the version `3` policy are lost.

1088

"version": 42, # Specifies the format of the policy.

1089

#

1090

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1091

# are rejected.

1092

#

1093

# Any operation that affects conditional role bindings must specify version

1094

# `3`. This requirement applies to the following operations:

1095

#

1096

# * Getting a policy that includes a conditional role binding

1097

# * Adding a conditional role binding to a policy

1098

# * Changing a conditional role binding in a policy

1099

# * Removing any role binding, with or without a condition, from a policy

1100

# that includes conditions

1101

#

1102

# **Important:** If you use IAM Conditions, you must include the `etag` field

1103

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1104

# you to overwrite a version `3` policy with a version `1` policy, and all of

1105

# the conditions in the version `3` policy are lost.

1106

#

1107

# If a policy does not include any conditions, operations on that policy may

1108

# specify any valid version or leave the field unset.

1109

#

1110

# To learn which resources support conditions in their IAM policies, see the

1111

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1112

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1113

{ # Specifies the audit configuration for a service.

1114

# The configuration determines which permission types are logged, and what

1115

# identities, if any, are exempted from logging.

1116

# An AuditConfig must have one or more AuditLogConfigs.

1117

#

1118

# If there are AuditConfigs for both `allServices` and a specific service,

1119

# the union of the two AuditConfigs is used for that service: the log_types

1120

# specified in each AuditConfig are enabled, and the exempted_members in each

1121

# AuditLogConfig are exempted.

1122

#

1123

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1128

# "service": "allServices",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1129

# "audit_log_configs": [

1130

# {

1131

# "log_type": "DATA_READ",

1132

# "exempted_members": [

1133

# "user:jose@example.com"

1134

# ]

1135

# },

1136

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1137

# "log_type": "DATA_WRITE"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1138

# },

1139

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1140

# "log_type": "ADMIN_READ"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

# }

# ]

# },

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1145

# "service": "sampleservice.googleapis.com",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1146

# "audit_log_configs": [

1147

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1148

# "log_type": "DATA_READ"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1149

# },

1150

# {

1151

# "log_type": "DATA_WRITE",

1152

# "exempted_members": [

1153

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1162

# logging. It also exempts jose@example.com from DATA_READ logging, and

1163

# aliya@example.com from DATA_WRITE logging.

1164

"service": "A String", # Specifies a service that will be enabled for audit logging.

1165

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1166

# `allServices` is a special value that covers all services.

1167

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1168

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1173

# {

1174

# "log_type": "DATA_READ",

1175

# "exempted_members": [

1176

# "user:jose@example.com"

1177

# ]

1178

# },

1179

# {

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1180

# "log_type": "DATA_WRITE"

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1186

# jose@example.com from DATA_READ logging.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1187

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1188

# permission.

1189

# Follows the same format of Binding.members.

1190

"A String",

1191

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1192

"logType": "A String", # The log type that this config enables.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

},

],

},

],

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

1198

# `condition` that determines how and when the `bindings` are applied. Each

1199

# of the `bindings` must contain at least one member.

1200

{ # Associates `members` with a `role`.

1201

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1202

#

1203

# If the condition evaluates to `true`, then this binding applies to the

1204

# current request.

1205

#

1206

# If the condition evaluates to `false`, then this binding does not apply to

1207

# the current request. However, a different role binding might grant the same

1208

# role to one or more of the members in this binding.

1209

#

1210

# To learn which resources support conditions in their IAM policies, see the

1211

# [IAM

1212

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1213

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1214

# are documented at https://github.com/google/cel-spec.

1215

#

1216

# Example (Comparison):

1217

#

1218

# title: "Summary size limit"

1219

# description: "Determines if a summary is less than 100 chars"

1220

# expression: "document.summary.size() < 100"

1221

#

1222

# Example (Equality):

1223

#

1224

# title: "Requestor is owner"

1225

# description: "Determines if requestor is the document owner"

1226

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1231

# description: "Determine whether the document should be publicly visible"

1232

# expression: "document.type != 'private' && document.type != 'internal'"

1233

#

1234

# Example (Data Manipulation):

1235

#

1236

# title: "Notification string"

1237

# description: "Create a notification string with a timestamp."

1238

# expression: "'New message received at ' + string(document.create_time)"

1239

#

1240

# The exact variables and functions that may be referenced within an expression

1241

# are determined by the service that evaluates it. See the service

1242

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1243

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1244

# its purpose. This can be used e.g. in UIs which allow to enter the

1245

# expression.

1246

"location": "A String", # Optional. String indicating the location of the expression for error

1247

# reporting, e.g. a file name and a position in the file.

1248

"description": "A String", # Optional. Description of the expression. This is a longer text which

1249

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1250

"expression": "A String", # Textual representation of an expression in Common Expression Language

1251

# syntax.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1252

},

1253

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1254

# `members` can have the following values:

1255

#

1256

# * `allUsers`: A special identifier that represents anyone who is

1257

# on the internet; with or without a Google account.

1258

#

1259

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1260

# who is authenticated with a Google account or a service account.

1261

#

1262

# * `user:{emailid}`: An email address that represents a specific Google

1263

# account. For example, `alice@example.com` .

1264

#

1265

#

1266

# * `serviceAccount:{emailid}`: An email address that represents a service

1267

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1268

#

1269

# * `group:{emailid}`: An email address that represents a Google group.

1270

# For example, `admins@example.com`.

1271

#

1272

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1273

# identifier) representing a user that has been recently deleted. For

1274

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1275

# recovered, this value reverts to `user:{emailid}` and the recovered user

1276

# retains the role in the binding.

1277

#

1278

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1279

# unique identifier) representing a service account that has been recently

1280

# deleted. For example,

1281

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1282

# If the service account is undeleted, this value reverts to

1283

# `serviceAccount:{emailid}` and the undeleted service account retains the

1284

# role in the binding.

1285

#

1286

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1287

# identifier) representing a Google group that has been recently

1288

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1289

# the group is recovered, this value reverts to `group:{emailid}` and the

1290

# recovered group retains the role in the binding.

1291

#

1292

#

1293

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1294

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"role": "A String", # Role that is assigned to `members`.

1299

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

},

],

}</pre>

</div>

<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>

1307

<pre>Returns permissions that a caller has on the specified resource.

1308

If the resource does not exist, this will return an empty set of

1309

permissions, not a `NOT_FOUND` error.

1310

1311

Note: This operation is designed to be used for building permission-aware

1312

UIs and command-line tools, not for authorization checking. This operation

1313

may "fail open" without warning.

1314

1315

Args:

1316

resource: string, REQUIRED: The resource for which the policy detail is being requested.

1317

See the operation documentation for the appropriate value for this field. (required)

1318

body: object, The request body.

1319

The object takes the form of:

1320

1321

{ # Request message for `TestIamPermissions` method.

1322

"permissions": [ # The set of permissions to check for the `resource`. Permissions with

1323

# wildcards (such as '*' or 'storage.*') are not allowed. For more

1324

# information see

1325

# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).

"A String",

],

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1337

1338

{ # Response message for `TestIamPermissions` method.

1339

"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is

# allowed.

"A String",

],

}</pre>

</div>

<code class="details" id="updateCredential">updateCredential(name, body=None, x__xgafv=None)</code>

1348

<pre>Sets the credential for the specified connection.

Args:

`projects/{project_id}/locations/{location_id}/connections/{connection_id}/credential` (required)

1353

body: object, The request body.

1354

The object takes the form of:

1355

1356

{ # Credential to use with a connection.

1357

"cloudSql": { # Credential info for the Cloud SQL. # Credential for Cloud SQL database.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1358

"password": "A String", # The password for the credential.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1359

"username": "A String", # The username for the credential.

Bu Sun Kim