blob: 5859fbd543651a939115e6e24f5ba83e80ea9ba9 [file] [log] [blame]
Bu Sun Kim65020912020-05-20 12:08:20 -07001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="secretmanager_v1beta1.html">Secret Manager API</a> . <a href="secretmanager_v1beta1.projects.html">projects</a> . <a href="secretmanager_v1beta1.projects.secrets.html">secrets</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="secretmanager_v1beta1.projects.secrets.versions.html">versions()</a></code>
79</p>
80<p class="firstline">Returns the versions Resource.</p>
81
82<p class="toc_element">
83 <code><a href="#addVersion">addVersion(parent, body=None, x__xgafv=None)</a></code></p>
84<p class="firstline">Creates a new SecretVersion containing secret data and attaches</p>
85<p class="toc_element">
86 <code><a href="#create">create(parent, body=None, secretId=None, x__xgafv=None)</a></code></p>
87<p class="firstline">Creates a new Secret containing no SecretVersions.</p>
88<p class="toc_element">
89 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
90<p class="firstline">Deletes a Secret.</p>
91<p class="toc_element">
92 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
93<p class="firstline">Gets metadata for a given Secret.</p>
94<p class="toc_element">
95 <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
96<p class="firstline">Gets the access control policy for a secret.</p>
97<p class="toc_element">
Bu Sun Kimd059ad82020-07-22 17:02:09 -070098 <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
Bu Sun Kim65020912020-05-20 12:08:20 -070099<p class="firstline">Lists Secrets.</p>
100<p class="toc_element">
101 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
102<p class="firstline">Retrieves the next page of results.</p>
103<p class="toc_element">
104 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
105<p class="firstline">Updates metadata of an existing Secret.</p>
106<p class="toc_element">
107 <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
108<p class="firstline">Sets the access control policy on the specified secret. Replaces any</p>
109<p class="toc_element">
110 <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
111<p class="firstline">Returns permissions that a caller has for the specified secret.</p>
112<h3>Method Details</h3>
113<div class="method">
114 <code class="details" id="addVersion">addVersion(parent, body=None, x__xgafv=None)</code>
115 <pre>Creates a new SecretVersion containing secret data and attaches
116it to an existing Secret.
117
118Args:
119 parent: string, Required. The resource name of the Secret to associate with the
120SecretVersion in the format `projects/*/secrets/*`. (required)
121 body: object, The request body.
122 The object takes the form of:
123
124{ # Request message for SecretManagerService.AddSecretVersion.
125 &quot;payload&quot;: { # A secret payload resource in the Secret Manager API. This contains the # Required. The secret payload of the SecretVersion.
126 # sensitive secret data that is associated with a SecretVersion.
127 &quot;data&quot;: &quot;A String&quot;, # The secret data. Must be no larger than 64KiB.
128 },
129 }
130
131 x__xgafv: string, V1 error format.
132 Allowed values
133 1 - v1 error format
134 2 - v2 error format
135
136Returns:
137 An object of the form:
138
139 { # A secret version resource in the Secret Manager API.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700140 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the SecretVersion was created.
141 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this SecretVersion was destroyed.
142 # Only present if state is
143 # DESTROYED.
Bu Sun Kim65020912020-05-20 12:08:20 -0700144 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the SecretVersion in the
145 # format `projects/*/secrets/*/versions/*`.
146 #
147 # SecretVersion IDs in a Secret start at 1 and
148 # are incremented for each subsequent version of the secret.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700149 &quot;state&quot;: &quot;A String&quot;, # Output only. The current state of the SecretVersion.
Bu Sun Kim65020912020-05-20 12:08:20 -0700150 }</pre>
151</div>
152
153<div class="method">
154 <code class="details" id="create">create(parent, body=None, secretId=None, x__xgafv=None)</code>
155 <pre>Creates a new Secret containing no SecretVersions.
156
157Args:
158 parent: string, Required. The resource name of the project to associate with the
159Secret, in the format `projects/*`. (required)
160 body: object, The request body.
161 The object takes the form of:
162
163{ # A Secret is a logical secret whose value and versions can
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700164 # be accessed.
165 #
166 # A Secret is made up of zero or more SecretVersions that
167 # represent the secret data.
168 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
169 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
Bu Sun Kim65020912020-05-20 12:08:20 -0700170 #
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700171 # The replication policy cannot be changed after the Secret has been created.
172 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
173 # locations specified in Secret.replication.user_managed.replicas
174 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
175 #
176 # Cannot be empty.
177 { # Represents a Replica for this Secret.
178 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
179 # For example: `&quot;us-east1&quot;`.
180 },
181 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700182 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700183 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
184 # restrictions.
Bu Sun Kim65020912020-05-20 12:08:20 -0700185 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700186 },
187 &quot;labels&quot;: { # The labels assigned to this Secret.
188 #
189 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
190 # of maximum 128 bytes, and must conform to the following PCRE regular
191 # expression: `\p{Ll}\p{Lo}{0,62}`
192 #
193 # Label values must be between 0 and 63 characters long, have a UTF-8
194 # encoding of maximum 128 bytes, and must conform to the following PCRE
195 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
196 #
197 # No more than 64 labels can be assigned to a given resource.
198 &quot;a_key&quot;: &quot;A String&quot;,
199 },
200 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
201}
Bu Sun Kim65020912020-05-20 12:08:20 -0700202
203 secretId: string, Required. This must be unique within the project.
204
205A secret ID is a string with a maximum length of 255 characters and can
206contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and
207underscore (`_`) characters.
208 x__xgafv: string, V1 error format.
209 Allowed values
210 1 - v1 error format
211 2 - v2 error format
212
213Returns:
214 An object of the form:
215
216 { # A Secret is a logical secret whose value and versions can
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700217 # be accessed.
218 #
219 # A Secret is made up of zero or more SecretVersions that
220 # represent the secret data.
221 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
222 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
Bu Sun Kim65020912020-05-20 12:08:20 -0700223 #
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700224 # The replication policy cannot be changed after the Secret has been created.
225 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
226 # locations specified in Secret.replication.user_managed.replicas
227 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
228 #
229 # Cannot be empty.
230 { # Represents a Replica for this Secret.
231 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
232 # For example: `&quot;us-east1&quot;`.
233 },
234 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700235 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700236 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
237 # restrictions.
Bu Sun Kim65020912020-05-20 12:08:20 -0700238 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700239 },
240 &quot;labels&quot;: { # The labels assigned to this Secret.
241 #
242 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
243 # of maximum 128 bytes, and must conform to the following PCRE regular
244 # expression: `\p{Ll}\p{Lo}{0,62}`
245 #
246 # Label values must be between 0 and 63 characters long, have a UTF-8
247 # encoding of maximum 128 bytes, and must conform to the following PCRE
248 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
249 #
250 # No more than 64 labels can be assigned to a given resource.
251 &quot;a_key&quot;: &quot;A String&quot;,
252 },
253 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
254 }</pre>
Bu Sun Kim65020912020-05-20 12:08:20 -0700255</div>
256
257<div class="method">
258 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
259 <pre>Deletes a Secret.
260
261Args:
262 name: string, Required. The resource name of the Secret to delete in the format
263`projects/*/secrets/*`. (required)
264 x__xgafv: string, V1 error format.
265 Allowed values
266 1 - v1 error format
267 2 - v2 error format
268
269Returns:
270 An object of the form:
271
272 { # A generic empty message that you can re-use to avoid defining duplicated
273 # empty messages in your APIs. A typical example is to use it as the request
274 # or the response type of an API method. For instance:
275 #
276 # service Foo {
277 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
278 # }
279 #
280 # The JSON representation for `Empty` is empty JSON object `{}`.
281 }</pre>
282</div>
283
284<div class="method">
285 <code class="details" id="get">get(name, x__xgafv=None)</code>
286 <pre>Gets metadata for a given Secret.
287
288Args:
289 name: string, Required. The resource name of the Secret, in the format `projects/*/secrets/*`. (required)
290 x__xgafv: string, V1 error format.
291 Allowed values
292 1 - v1 error format
293 2 - v2 error format
294
295Returns:
296 An object of the form:
297
298 { # A Secret is a logical secret whose value and versions can
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700299 # be accessed.
300 #
301 # A Secret is made up of zero or more SecretVersions that
302 # represent the secret data.
303 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
304 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
Bu Sun Kim65020912020-05-20 12:08:20 -0700305 #
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700306 # The replication policy cannot be changed after the Secret has been created.
307 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
308 # locations specified in Secret.replication.user_managed.replicas
309 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
310 #
311 # Cannot be empty.
312 { # Represents a Replica for this Secret.
313 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
314 # For example: `&quot;us-east1&quot;`.
315 },
316 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700317 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700318 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
319 # restrictions.
Bu Sun Kim65020912020-05-20 12:08:20 -0700320 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700321 },
322 &quot;labels&quot;: { # The labels assigned to this Secret.
323 #
324 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
325 # of maximum 128 bytes, and must conform to the following PCRE regular
326 # expression: `\p{Ll}\p{Lo}{0,62}`
327 #
328 # Label values must be between 0 and 63 characters long, have a UTF-8
329 # encoding of maximum 128 bytes, and must conform to the following PCRE
330 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
331 #
332 # No more than 64 labels can be assigned to a given resource.
333 &quot;a_key&quot;: &quot;A String&quot;,
334 },
335 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
336 }</pre>
Bu Sun Kim65020912020-05-20 12:08:20 -0700337</div>
338
339<div class="method">
340 <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>
341 <pre>Gets the access control policy for a secret.
342Returns empty policy if the secret exists and does not have a policy set.
343
344Args:
345 resource: string, REQUIRED: The resource for which the policy is being requested.
346See the operation documentation for the appropriate value for this field. (required)
347 options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.
348
349Valid values are 0, 1, and 3. Requests specifying an invalid value will be
350rejected.
351
352Requests for policies with any conditional bindings must specify version 3.
353Policies without any conditional bindings may specify any valid value or
354leave the field unset.
355
356To learn which resources support conditions in their IAM policies, see the
357[IAM
358documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
359 x__xgafv: string, V1 error format.
360 Allowed values
361 1 - v1 error format
362 2 - v2 error format
363
364Returns:
365 An object of the form:
366
367 { # An Identity and Access Management (IAM) policy, which specifies access
368 # controls for Google Cloud resources.
369 #
370 #
371 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
372 # `members` to a single `role`. Members can be user accounts, service accounts,
373 # Google groups, and domains (such as G Suite). A `role` is a named list of
374 # permissions; each `role` can be an IAM predefined role or a user-created
375 # custom role.
376 #
377 # For some types of Google Cloud resources, a `binding` can also specify a
378 # `condition`, which is a logical expression that allows access to a resource
379 # only if the expression evaluates to `true`. A condition can add constraints
380 # based on attributes of the request, the resource, or both. To learn which
381 # resources support conditions in their IAM policies, see the
382 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
383 #
384 # **JSON example:**
385 #
386 # {
387 # &quot;bindings&quot;: [
388 # {
389 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
390 # &quot;members&quot;: [
391 # &quot;user:mike@example.com&quot;,
392 # &quot;group:admins@example.com&quot;,
393 # &quot;domain:google.com&quot;,
394 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
395 # ]
396 # },
397 # {
398 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
399 # &quot;members&quot;: [
400 # &quot;user:eve@example.com&quot;
401 # ],
402 # &quot;condition&quot;: {
403 # &quot;title&quot;: &quot;expirable access&quot;,
404 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
405 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
406 # }
407 # }
408 # ],
409 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
410 # &quot;version&quot;: 3
411 # }
412 #
413 # **YAML example:**
414 #
415 # bindings:
416 # - members:
417 # - user:mike@example.com
418 # - group:admins@example.com
419 # - domain:google.com
420 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
421 # role: roles/resourcemanager.organizationAdmin
422 # - members:
423 # - user:eve@example.com
424 # role: roles/resourcemanager.organizationViewer
425 # condition:
426 # title: expirable access
427 # description: Does not grant access after Sep 2020
428 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
429 # - etag: BwWWja0YfJA=
430 # - version: 3
431 #
432 # For a description of IAM and its features, see the
433 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -0700434 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
435 { # Specifies the audit configuration for a service.
436 # The configuration determines which permission types are logged, and what
437 # identities, if any, are exempted from logging.
438 # An AuditConfig must have one or more AuditLogConfigs.
439 #
440 # If there are AuditConfigs for both `allServices` and a specific service,
441 # the union of the two AuditConfigs is used for that service: the log_types
442 # specified in each AuditConfig are enabled, and the exempted_members in each
443 # AuditLogConfig are exempted.
444 #
445 # Example Policy with multiple AuditConfigs:
446 #
447 # {
448 # &quot;audit_configs&quot;: [
449 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700450 # &quot;service&quot;: &quot;allServices&quot;,
Bu Sun Kim65020912020-05-20 12:08:20 -0700451 # &quot;audit_log_configs&quot;: [
452 # {
453 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
454 # &quot;exempted_members&quot;: [
455 # &quot;user:jose@example.com&quot;
456 # ]
457 # },
458 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700459 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700460 # },
461 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700462 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700463 # }
464 # ]
465 # },
466 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700467 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
Bu Sun Kim65020912020-05-20 12:08:20 -0700468 # &quot;audit_log_configs&quot;: [
469 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700470 # &quot;log_type&quot;: &quot;DATA_READ&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700471 # },
472 # {
473 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
474 # &quot;exempted_members&quot;: [
475 # &quot;user:aliya@example.com&quot;
476 # ]
477 # }
478 # ]
479 # }
480 # ]
481 # }
482 #
483 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
484 # logging. It also exempts jose@example.com from DATA_READ logging, and
485 # aliya@example.com from DATA_WRITE logging.
Bu Sun Kim65020912020-05-20 12:08:20 -0700486 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
487 { # Provides the configuration for logging a type of permissions.
488 # Example:
489 #
490 # {
491 # &quot;audit_log_configs&quot;: [
492 # {
493 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
494 # &quot;exempted_members&quot;: [
495 # &quot;user:jose@example.com&quot;
496 # ]
497 # },
498 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700499 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700500 # }
501 # ]
502 # }
503 #
504 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
505 # jose@example.com from DATA_READ logging.
506 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
507 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
508 # permission.
509 # Follows the same format of Binding.members.
510 &quot;A String&quot;,
511 ],
512 },
513 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700514 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
515 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
516 # `allServices` is a special value that covers all services.
Bu Sun Kim65020912020-05-20 12:08:20 -0700517 },
518 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700519 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
520 # prevent simultaneous updates of a policy from overwriting each other.
521 # It is strongly suggested that systems make use of the `etag` in the
522 # read-modify-write cycle to perform policy updates in order to avoid race
523 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
524 # systems are expected to put that etag in the request to `setIamPolicy` to
525 # ensure that their change will be applied to the same version of the policy.
526 #
527 # **Important:** If you use IAM Conditions, you must include the `etag` field
528 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
529 # you to overwrite a version `3` policy with a version `1` policy, and all of
530 # the conditions in the version `3` policy are lost.
Bu Sun Kim65020912020-05-20 12:08:20 -0700531 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
532 # `condition` that determines how and when the `bindings` are applied. Each
533 # of the `bindings` must contain at least one member.
534 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700535 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
536 # `members` can have the following values:
537 #
538 # * `allUsers`: A special identifier that represents anyone who is
539 # on the internet; with or without a Google account.
540 #
541 # * `allAuthenticatedUsers`: A special identifier that represents anyone
542 # who is authenticated with a Google account or a service account.
543 #
544 # * `user:{emailid}`: An email address that represents a specific Google
545 # account. For example, `alice@example.com` .
546 #
547 #
548 # * `serviceAccount:{emailid}`: An email address that represents a service
549 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
550 #
551 # * `group:{emailid}`: An email address that represents a Google group.
552 # For example, `admins@example.com`.
553 #
554 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
555 # identifier) representing a user that has been recently deleted. For
556 # example, `alice@example.com?uid=123456789012345678901`. If the user is
557 # recovered, this value reverts to `user:{emailid}` and the recovered user
558 # retains the role in the binding.
559 #
560 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
561 # unique identifier) representing a service account that has been recently
562 # deleted. For example,
563 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
564 # If the service account is undeleted, this value reverts to
565 # `serviceAccount:{emailid}` and the undeleted service account retains the
566 # role in the binding.
567 #
568 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
569 # identifier) representing a Google group that has been recently
570 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
571 # the group is recovered, this value reverts to `group:{emailid}` and the
572 # recovered group retains the role in the binding.
573 #
574 #
575 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
576 # users of that domain. For example, `google.com` or `example.com`.
577 #
578 &quot;A String&quot;,
579 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700580 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
581 #
582 # If the condition evaluates to `true`, then this binding applies to the
583 # current request.
584 #
585 # If the condition evaluates to `false`, then this binding does not apply to
586 # the current request. However, a different role binding might grant the same
587 # role to one or more of the members in this binding.
588 #
589 # To learn which resources support conditions in their IAM policies, see the
590 # [IAM
591 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
592 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
593 # are documented at https://github.com/google/cel-spec.
594 #
595 # Example (Comparison):
596 #
597 # title: &quot;Summary size limit&quot;
598 # description: &quot;Determines if a summary is less than 100 chars&quot;
599 # expression: &quot;document.summary.size() &lt; 100&quot;
600 #
601 # Example (Equality):
602 #
603 # title: &quot;Requestor is owner&quot;
604 # description: &quot;Determines if requestor is the document owner&quot;
605 # expression: &quot;document.owner == request.auth.claims.email&quot;
606 #
607 # Example (Logic):
608 #
609 # title: &quot;Public documents&quot;
610 # description: &quot;Determine whether the document should be publicly visible&quot;
611 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
612 #
613 # Example (Data Manipulation):
614 #
615 # title: &quot;Notification string&quot;
616 # description: &quot;Create a notification string with a timestamp.&quot;
617 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
618 #
619 # The exact variables and functions that may be referenced within an expression
620 # are determined by the service that evaluates it. See the service
621 # documentation for additional information.
622 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
623 # syntax.
624 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
625 # reporting, e.g. a file name and a position in the file.
626 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
627 # describes the expression, e.g. when hovered over it in a UI.
628 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
629 # its purpose. This can be used e.g. in UIs which allow to enter the
630 # expression.
631 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700632 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
633 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
634 },
635 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700636 &quot;version&quot;: 42, # Specifies the format of the policy.
637 #
638 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
639 # are rejected.
640 #
641 # Any operation that affects conditional role bindings must specify version
642 # `3`. This requirement applies to the following operations:
643 #
644 # * Getting a policy that includes a conditional role binding
645 # * Adding a conditional role binding to a policy
646 # * Changing a conditional role binding in a policy
647 # * Removing any role binding, with or without a condition, from a policy
648 # that includes conditions
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700649 #
650 # **Important:** If you use IAM Conditions, you must include the `etag` field
651 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
652 # you to overwrite a version `3` policy with a version `1` policy, and all of
653 # the conditions in the version `3` policy are lost.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700654 #
655 # If a policy does not include any conditions, operations on that policy may
656 # specify any valid version or leave the field unset.
657 #
658 # To learn which resources support conditions in their IAM policies, see the
659 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Bu Sun Kim65020912020-05-20 12:08:20 -0700660 }</pre>
661</div>
662
663<div class="method">
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700664 <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
Bu Sun Kim65020912020-05-20 12:08:20 -0700665 <pre>Lists Secrets.
666
667Args:
668 parent: string, Required. The resource name of the project associated with the
669Secrets, in the format `projects/*`. (required)
Bu Sun Kim65020912020-05-20 12:08:20 -0700670 pageSize: integer, Optional. The maximum number of results to be returned in a single page. If
671set to 0, the server decides the number of results to return. If the
672number is greater than 25000, it is capped at 25000.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700673 pageToken: string, Optional. Pagination token, returned earlier via
674ListSecretsResponse.next_page_token.
Bu Sun Kim65020912020-05-20 12:08:20 -0700675 x__xgafv: string, V1 error format.
676 Allowed values
677 1 - v1 error format
678 2 - v2 error format
679
680Returns:
681 An object of the form:
682
683 { # Response message for SecretManagerService.ListSecrets.
Bu Sun Kim65020912020-05-20 12:08:20 -0700684 &quot;nextPageToken&quot;: &quot;A String&quot;, # A token to retrieve the next page of results. Pass this value in
685 # ListSecretsRequest.page_token to retrieve the next page.
686 &quot;totalSize&quot;: 42, # The total number of Secrets.
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700687 &quot;secrets&quot;: [ # The list of Secrets sorted in reverse by create_time (newest
688 # first).
689 { # A Secret is a logical secret whose value and versions can
690 # be accessed.
691 #
692 # A Secret is made up of zero or more SecretVersions that
693 # represent the secret data.
694 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
695 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
696 #
697 # The replication policy cannot be changed after the Secret has been created.
698 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
699 # locations specified in Secret.replication.user_managed.replicas
700 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
701 #
702 # Cannot be empty.
703 { # Represents a Replica for this Secret.
704 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
705 # For example: `&quot;us-east1&quot;`.
706 },
707 ],
708 },
709 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
710 # restrictions.
711 },
712 },
713 &quot;labels&quot;: { # The labels assigned to this Secret.
714 #
715 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
716 # of maximum 128 bytes, and must conform to the following PCRE regular
717 # expression: `\p{Ll}\p{Lo}{0,62}`
718 #
719 # Label values must be between 0 and 63 characters long, have a UTF-8
720 # encoding of maximum 128 bytes, and must conform to the following PCRE
721 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
722 #
723 # No more than 64 labels can be assigned to a given resource.
724 &quot;a_key&quot;: &quot;A String&quot;,
725 },
726 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
727 },
728 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700729 }</pre>
730</div>
731
732<div class="method">
733 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
734 <pre>Retrieves the next page of results.
735
736Args:
737 previous_request: The request for the previous page. (required)
738 previous_response: The response from the request for the previous page. (required)
739
740Returns:
741 A request object that you can call &#x27;execute()&#x27; on to request the next
742 page. Returns None if there are no more items in the collection.
743 </pre>
744</div>
745
746<div class="method">
747 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
748 <pre>Updates metadata of an existing Secret.
749
750Args:
751 name: string, Output only. The resource name of the Secret in the format `projects/*/secrets/*`. (required)
752 body: object, The request body.
753 The object takes the form of:
754
755{ # A Secret is a logical secret whose value and versions can
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700756 # be accessed.
757 #
758 # A Secret is made up of zero or more SecretVersions that
759 # represent the secret data.
760 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
761 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700762 #
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700763 # The replication policy cannot be changed after the Secret has been created.
764 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
765 # locations specified in Secret.replication.user_managed.replicas
766 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
767 #
768 # Cannot be empty.
769 { # Represents a Replica for this Secret.
770 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
771 # For example: `&quot;us-east1&quot;`.
772 },
773 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700774 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700775 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
776 # restrictions.
Bu Sun Kim65020912020-05-20 12:08:20 -0700777 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700778 },
779 &quot;labels&quot;: { # The labels assigned to this Secret.
780 #
781 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
782 # of maximum 128 bytes, and must conform to the following PCRE regular
783 # expression: `\p{Ll}\p{Lo}{0,62}`
784 #
785 # Label values must be between 0 and 63 characters long, have a UTF-8
786 # encoding of maximum 128 bytes, and must conform to the following PCRE
787 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
788 #
789 # No more than 64 labels can be assigned to a given resource.
790 &quot;a_key&quot;: &quot;A String&quot;,
791 },
792 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
793}
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700794
795 updateMask: string, Required. Specifies the fields to be updated.
796 x__xgafv: string, V1 error format.
797 Allowed values
798 1 - v1 error format
799 2 - v2 error format
800
801Returns:
802 An object of the form:
803
804 { # A Secret is a logical secret whose value and versions can
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700805 # be accessed.
806 #
807 # A Secret is made up of zero or more SecretVersions that
808 # represent the secret data.
809 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
810 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700811 #
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700812 # The replication policy cannot be changed after the Secret has been created.
813 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
814 # locations specified in Secret.replication.user_managed.replicas
815 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
816 #
817 # Cannot be empty.
818 { # Represents a Replica for this Secret.
819 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
820 # For example: `&quot;us-east1&quot;`.
821 },
822 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700823 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700824 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
825 # restrictions.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700826 },
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700827 },
828 &quot;labels&quot;: { # The labels assigned to this Secret.
829 #
830 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
831 # of maximum 128 bytes, and must conform to the following PCRE regular
832 # expression: `\p{Ll}\p{Lo}{0,62}`
833 #
834 # Label values must be between 0 and 63 characters long, have a UTF-8
835 # encoding of maximum 128 bytes, and must conform to the following PCRE
836 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
837 #
838 # No more than 64 labels can be assigned to a given resource.
839 &quot;a_key&quot;: &quot;A String&quot;,
840 },
841 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
842 }</pre>
Bu Sun Kim65020912020-05-20 12:08:20 -0700843</div>
844
845<div class="method">
846 <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
847 <pre>Sets the access control policy on the specified secret. Replaces any
848existing policy.
849
850Permissions on SecretVersions are enforced according
851to the policy set on the associated Secret.
852
853Args:
854 resource: string, REQUIRED: The resource for which the policy is being specified.
855See the operation documentation for the appropriate value for this field. (required)
856 body: object, The request body.
857 The object takes the form of:
858
859{ # Request message for `SetIamPolicy` method.
860 &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
861 # the policy is limited to a few 10s of KB. An empty policy is a
862 # valid policy but certain Cloud Platform services (such as Projects)
863 # might reject them.
864 # controls for Google Cloud resources.
865 #
866 #
867 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
868 # `members` to a single `role`. Members can be user accounts, service accounts,
869 # Google groups, and domains (such as G Suite). A `role` is a named list of
870 # permissions; each `role` can be an IAM predefined role or a user-created
871 # custom role.
872 #
873 # For some types of Google Cloud resources, a `binding` can also specify a
874 # `condition`, which is a logical expression that allows access to a resource
875 # only if the expression evaluates to `true`. A condition can add constraints
876 # based on attributes of the request, the resource, or both. To learn which
877 # resources support conditions in their IAM policies, see the
878 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
879 #
880 # **JSON example:**
881 #
882 # {
883 # &quot;bindings&quot;: [
884 # {
885 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
886 # &quot;members&quot;: [
887 # &quot;user:mike@example.com&quot;,
888 # &quot;group:admins@example.com&quot;,
889 # &quot;domain:google.com&quot;,
890 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
891 # ]
892 # },
893 # {
894 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
895 # &quot;members&quot;: [
896 # &quot;user:eve@example.com&quot;
897 # ],
898 # &quot;condition&quot;: {
899 # &quot;title&quot;: &quot;expirable access&quot;,
900 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
901 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
902 # }
903 # }
904 # ],
905 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
906 # &quot;version&quot;: 3
907 # }
908 #
909 # **YAML example:**
910 #
911 # bindings:
912 # - members:
913 # - user:mike@example.com
914 # - group:admins@example.com
915 # - domain:google.com
916 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
917 # role: roles/resourcemanager.organizationAdmin
918 # - members:
919 # - user:eve@example.com
920 # role: roles/resourcemanager.organizationViewer
921 # condition:
922 # title: expirable access
923 # description: Does not grant access after Sep 2020
924 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
925 # - etag: BwWWja0YfJA=
926 # - version: 3
927 #
928 # For a description of IAM and its features, see the
929 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -0700930 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
931 { # Specifies the audit configuration for a service.
932 # The configuration determines which permission types are logged, and what
933 # identities, if any, are exempted from logging.
934 # An AuditConfig must have one or more AuditLogConfigs.
935 #
936 # If there are AuditConfigs for both `allServices` and a specific service,
937 # the union of the two AuditConfigs is used for that service: the log_types
938 # specified in each AuditConfig are enabled, and the exempted_members in each
939 # AuditLogConfig are exempted.
940 #
941 # Example Policy with multiple AuditConfigs:
942 #
943 # {
944 # &quot;audit_configs&quot;: [
945 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700946 # &quot;service&quot;: &quot;allServices&quot;,
Bu Sun Kim65020912020-05-20 12:08:20 -0700947 # &quot;audit_log_configs&quot;: [
948 # {
949 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
950 # &quot;exempted_members&quot;: [
951 # &quot;user:jose@example.com&quot;
952 # ]
953 # },
954 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700955 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700956 # },
957 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700958 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700959 # }
960 # ]
961 # },
962 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700963 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
Bu Sun Kim65020912020-05-20 12:08:20 -0700964 # &quot;audit_log_configs&quot;: [
965 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700966 # &quot;log_type&quot;: &quot;DATA_READ&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700967 # },
968 # {
969 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
970 # &quot;exempted_members&quot;: [
971 # &quot;user:aliya@example.com&quot;
972 # ]
973 # }
974 # ]
975 # }
976 # ]
977 # }
978 #
979 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
980 # logging. It also exempts jose@example.com from DATA_READ logging, and
981 # aliya@example.com from DATA_WRITE logging.
Bu Sun Kim65020912020-05-20 12:08:20 -0700982 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
983 { # Provides the configuration for logging a type of permissions.
984 # Example:
985 #
986 # {
987 # &quot;audit_log_configs&quot;: [
988 # {
989 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
990 # &quot;exempted_members&quot;: [
991 # &quot;user:jose@example.com&quot;
992 # ]
993 # },
994 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -0700995 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -0700996 # }
997 # ]
998 # }
999 #
1000 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1001 # jose@example.com from DATA_READ logging.
1002 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1003 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1004 # permission.
1005 # Follows the same format of Binding.members.
1006 &quot;A String&quot;,
1007 ],
1008 },
1009 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001010 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1011 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1012 # `allServices` is a special value that covers all services.
Bu Sun Kim65020912020-05-20 12:08:20 -07001013 },
1014 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001015 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1016 # prevent simultaneous updates of a policy from overwriting each other.
1017 # It is strongly suggested that systems make use of the `etag` in the
1018 # read-modify-write cycle to perform policy updates in order to avoid race
1019 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1020 # systems are expected to put that etag in the request to `setIamPolicy` to
1021 # ensure that their change will be applied to the same version of the policy.
1022 #
1023 # **Important:** If you use IAM Conditions, you must include the `etag` field
1024 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1025 # you to overwrite a version `3` policy with a version `1` policy, and all of
1026 # the conditions in the version `3` policy are lost.
Bu Sun Kim65020912020-05-20 12:08:20 -07001027 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
1028 # `condition` that determines how and when the `bindings` are applied. Each
1029 # of the `bindings` must contain at least one member.
1030 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001031 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1032 # `members` can have the following values:
1033 #
1034 # * `allUsers`: A special identifier that represents anyone who is
1035 # on the internet; with or without a Google account.
1036 #
1037 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1038 # who is authenticated with a Google account or a service account.
1039 #
1040 # * `user:{emailid}`: An email address that represents a specific Google
1041 # account. For example, `alice@example.com` .
1042 #
1043 #
1044 # * `serviceAccount:{emailid}`: An email address that represents a service
1045 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1046 #
1047 # * `group:{emailid}`: An email address that represents a Google group.
1048 # For example, `admins@example.com`.
1049 #
1050 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1051 # identifier) representing a user that has been recently deleted. For
1052 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1053 # recovered, this value reverts to `user:{emailid}` and the recovered user
1054 # retains the role in the binding.
1055 #
1056 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1057 # unique identifier) representing a service account that has been recently
1058 # deleted. For example,
1059 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1060 # If the service account is undeleted, this value reverts to
1061 # `serviceAccount:{emailid}` and the undeleted service account retains the
1062 # role in the binding.
1063 #
1064 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1065 # identifier) representing a Google group that has been recently
1066 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1067 # the group is recovered, this value reverts to `group:{emailid}` and the
1068 # recovered group retains the role in the binding.
1069 #
1070 #
1071 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1072 # users of that domain. For example, `google.com` or `example.com`.
1073 #
1074 &quot;A String&quot;,
1075 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001076 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1077 #
1078 # If the condition evaluates to `true`, then this binding applies to the
1079 # current request.
1080 #
1081 # If the condition evaluates to `false`, then this binding does not apply to
1082 # the current request. However, a different role binding might grant the same
1083 # role to one or more of the members in this binding.
1084 #
1085 # To learn which resources support conditions in their IAM policies, see the
1086 # [IAM
1087 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1088 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1089 # are documented at https://github.com/google/cel-spec.
1090 #
1091 # Example (Comparison):
1092 #
1093 # title: &quot;Summary size limit&quot;
1094 # description: &quot;Determines if a summary is less than 100 chars&quot;
1095 # expression: &quot;document.summary.size() &lt; 100&quot;
1096 #
1097 # Example (Equality):
1098 #
1099 # title: &quot;Requestor is owner&quot;
1100 # description: &quot;Determines if requestor is the document owner&quot;
1101 # expression: &quot;document.owner == request.auth.claims.email&quot;
1102 #
1103 # Example (Logic):
1104 #
1105 # title: &quot;Public documents&quot;
1106 # description: &quot;Determine whether the document should be publicly visible&quot;
1107 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1108 #
1109 # Example (Data Manipulation):
1110 #
1111 # title: &quot;Notification string&quot;
1112 # description: &quot;Create a notification string with a timestamp.&quot;
1113 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1114 #
1115 # The exact variables and functions that may be referenced within an expression
1116 # are determined by the service that evaluates it. See the service
1117 # documentation for additional information.
1118 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1119 # syntax.
1120 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1121 # reporting, e.g. a file name and a position in the file.
1122 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1123 # describes the expression, e.g. when hovered over it in a UI.
1124 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1125 # its purpose. This can be used e.g. in UIs which allow to enter the
1126 # expression.
1127 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001128 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1129 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1130 },
1131 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001132 &quot;version&quot;: 42, # Specifies the format of the policy.
1133 #
1134 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1135 # are rejected.
1136 #
1137 # Any operation that affects conditional role bindings must specify version
1138 # `3`. This requirement applies to the following operations:
1139 #
1140 # * Getting a policy that includes a conditional role binding
1141 # * Adding a conditional role binding to a policy
1142 # * Changing a conditional role binding in a policy
1143 # * Removing any role binding, with or without a condition, from a policy
1144 # that includes conditions
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001145 #
1146 # **Important:** If you use IAM Conditions, you must include the `etag` field
1147 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1148 # you to overwrite a version `3` policy with a version `1` policy, and all of
1149 # the conditions in the version `3` policy are lost.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001150 #
1151 # If a policy does not include any conditions, operations on that policy may
1152 # specify any valid version or leave the field unset.
1153 #
1154 # To learn which resources support conditions in their IAM policies, see the
1155 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Bu Sun Kim65020912020-05-20 12:08:20 -07001156 },
1157 &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1158 # the fields in the mask will be modified. If no mask is provided, the
1159 # following default mask is used:
1160 #
1161 # `paths: &quot;bindings, etag&quot;`
1162 }
1163
1164 x__xgafv: string, V1 error format.
1165 Allowed values
1166 1 - v1 error format
1167 2 - v2 error format
1168
1169Returns:
1170 An object of the form:
1171
1172 { # An Identity and Access Management (IAM) policy, which specifies access
1173 # controls for Google Cloud resources.
1174 #
1175 #
1176 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1177 # `members` to a single `role`. Members can be user accounts, service accounts,
1178 # Google groups, and domains (such as G Suite). A `role` is a named list of
1179 # permissions; each `role` can be an IAM predefined role or a user-created
1180 # custom role.
1181 #
1182 # For some types of Google Cloud resources, a `binding` can also specify a
1183 # `condition`, which is a logical expression that allows access to a resource
1184 # only if the expression evaluates to `true`. A condition can add constraints
1185 # based on attributes of the request, the resource, or both. To learn which
1186 # resources support conditions in their IAM policies, see the
1187 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1188 #
1189 # **JSON example:**
1190 #
1191 # {
1192 # &quot;bindings&quot;: [
1193 # {
1194 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1195 # &quot;members&quot;: [
1196 # &quot;user:mike@example.com&quot;,
1197 # &quot;group:admins@example.com&quot;,
1198 # &quot;domain:google.com&quot;,
1199 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
1200 # ]
1201 # },
1202 # {
1203 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1204 # &quot;members&quot;: [
1205 # &quot;user:eve@example.com&quot;
1206 # ],
1207 # &quot;condition&quot;: {
1208 # &quot;title&quot;: &quot;expirable access&quot;,
1209 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1210 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
1211 # }
1212 # }
1213 # ],
1214 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1215 # &quot;version&quot;: 3
1216 # }
1217 #
1218 # **YAML example:**
1219 #
1220 # bindings:
1221 # - members:
1222 # - user:mike@example.com
1223 # - group:admins@example.com
1224 # - domain:google.com
1225 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1226 # role: roles/resourcemanager.organizationAdmin
1227 # - members:
1228 # - user:eve@example.com
1229 # role: roles/resourcemanager.organizationViewer
1230 # condition:
1231 # title: expirable access
1232 # description: Does not grant access after Sep 2020
1233 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
1234 # - etag: BwWWja0YfJA=
1235 # - version: 3
1236 #
1237 # For a description of IAM and its features, see the
1238 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim65020912020-05-20 12:08:20 -07001239 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1240 { # Specifies the audit configuration for a service.
1241 # The configuration determines which permission types are logged, and what
1242 # identities, if any, are exempted from logging.
1243 # An AuditConfig must have one or more AuditLogConfigs.
1244 #
1245 # If there are AuditConfigs for both `allServices` and a specific service,
1246 # the union of the two AuditConfigs is used for that service: the log_types
1247 # specified in each AuditConfig are enabled, and the exempted_members in each
1248 # AuditLogConfig are exempted.
1249 #
1250 # Example Policy with multiple AuditConfigs:
1251 #
1252 # {
1253 # &quot;audit_configs&quot;: [
1254 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001255 # &quot;service&quot;: &quot;allServices&quot;,
Bu Sun Kim65020912020-05-20 12:08:20 -07001256 # &quot;audit_log_configs&quot;: [
1257 # {
1258 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1259 # &quot;exempted_members&quot;: [
1260 # &quot;user:jose@example.com&quot;
1261 # ]
1262 # },
1263 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001264 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -07001265 # },
1266 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001267 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -07001268 # }
1269 # ]
1270 # },
1271 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001272 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
Bu Sun Kim65020912020-05-20 12:08:20 -07001273 # &quot;audit_log_configs&quot;: [
1274 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001275 # &quot;log_type&quot;: &quot;DATA_READ&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -07001276 # },
1277 # {
1278 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1279 # &quot;exempted_members&quot;: [
1280 # &quot;user:aliya@example.com&quot;
1281 # ]
1282 # }
1283 # ]
1284 # }
1285 # ]
1286 # }
1287 #
1288 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1289 # logging. It also exempts jose@example.com from DATA_READ logging, and
1290 # aliya@example.com from DATA_WRITE logging.
Bu Sun Kim65020912020-05-20 12:08:20 -07001291 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1292 { # Provides the configuration for logging a type of permissions.
1293 # Example:
1294 #
1295 # {
1296 # &quot;audit_log_configs&quot;: [
1297 # {
1298 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1299 # &quot;exempted_members&quot;: [
1300 # &quot;user:jose@example.com&quot;
1301 # ]
1302 # },
1303 # {
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001304 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;
Bu Sun Kim65020912020-05-20 12:08:20 -07001305 # }
1306 # ]
1307 # }
1308 #
1309 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1310 # jose@example.com from DATA_READ logging.
1311 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1312 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1313 # permission.
1314 # Follows the same format of Binding.members.
1315 &quot;A String&quot;,
1316 ],
1317 },
1318 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001319 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1320 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1321 # `allServices` is a special value that covers all services.
Bu Sun Kim65020912020-05-20 12:08:20 -07001322 },
1323 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001324 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1325 # prevent simultaneous updates of a policy from overwriting each other.
1326 # It is strongly suggested that systems make use of the `etag` in the
1327 # read-modify-write cycle to perform policy updates in order to avoid race
1328 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1329 # systems are expected to put that etag in the request to `setIamPolicy` to
1330 # ensure that their change will be applied to the same version of the policy.
1331 #
1332 # **Important:** If you use IAM Conditions, you must include the `etag` field
1333 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1334 # you to overwrite a version `3` policy with a version `1` policy, and all of
1335 # the conditions in the version `3` policy are lost.
Bu Sun Kim65020912020-05-20 12:08:20 -07001336 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
1337 # `condition` that determines how and when the `bindings` are applied. Each
1338 # of the `bindings` must contain at least one member.
1339 { # Associates `members` with a `role`.
Bu Sun Kim65020912020-05-20 12:08:20 -07001340 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1341 # `members` can have the following values:
1342 #
1343 # * `allUsers`: A special identifier that represents anyone who is
1344 # on the internet; with or without a Google account.
1345 #
1346 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1347 # who is authenticated with a Google account or a service account.
1348 #
1349 # * `user:{emailid}`: An email address that represents a specific Google
1350 # account. For example, `alice@example.com` .
1351 #
1352 #
1353 # * `serviceAccount:{emailid}`: An email address that represents a service
1354 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1355 #
1356 # * `group:{emailid}`: An email address that represents a Google group.
1357 # For example, `admins@example.com`.
1358 #
1359 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1360 # identifier) representing a user that has been recently deleted. For
1361 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1362 # recovered, this value reverts to `user:{emailid}` and the recovered user
1363 # retains the role in the binding.
1364 #
1365 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1366 # unique identifier) representing a service account that has been recently
1367 # deleted. For example,
1368 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1369 # If the service account is undeleted, this value reverts to
1370 # `serviceAccount:{emailid}` and the undeleted service account retains the
1371 # role in the binding.
1372 #
1373 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1374 # identifier) representing a Google group that has been recently
1375 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1376 # the group is recovered, this value reverts to `group:{emailid}` and the
1377 # recovered group retains the role in the binding.
1378 #
1379 #
1380 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1381 # users of that domain. For example, `google.com` or `example.com`.
1382 #
1383 &quot;A String&quot;,
1384 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001385 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1386 #
1387 # If the condition evaluates to `true`, then this binding applies to the
1388 # current request.
1389 #
1390 # If the condition evaluates to `false`, then this binding does not apply to
1391 # the current request. However, a different role binding might grant the same
1392 # role to one or more of the members in this binding.
1393 #
1394 # To learn which resources support conditions in their IAM policies, see the
1395 # [IAM
1396 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1397 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1398 # are documented at https://github.com/google/cel-spec.
1399 #
1400 # Example (Comparison):
1401 #
1402 # title: &quot;Summary size limit&quot;
1403 # description: &quot;Determines if a summary is less than 100 chars&quot;
1404 # expression: &quot;document.summary.size() &lt; 100&quot;
1405 #
1406 # Example (Equality):
1407 #
1408 # title: &quot;Requestor is owner&quot;
1409 # description: &quot;Determines if requestor is the document owner&quot;
1410 # expression: &quot;document.owner == request.auth.claims.email&quot;
1411 #
1412 # Example (Logic):
1413 #
1414 # title: &quot;Public documents&quot;
1415 # description: &quot;Determine whether the document should be publicly visible&quot;
1416 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1417 #
1418 # Example (Data Manipulation):
1419 #
1420 # title: &quot;Notification string&quot;
1421 # description: &quot;Create a notification string with a timestamp.&quot;
1422 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1423 #
1424 # The exact variables and functions that may be referenced within an expression
1425 # are determined by the service that evaluates it. See the service
1426 # documentation for additional information.
1427 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1428 # syntax.
1429 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1430 # reporting, e.g. a file name and a position in the file.
1431 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1432 # describes the expression, e.g. when hovered over it in a UI.
1433 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1434 # its purpose. This can be used e.g. in UIs which allow to enter the
1435 # expression.
1436 },
Bu Sun Kim65020912020-05-20 12:08:20 -07001437 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1438 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1439 },
1440 ],
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001441 &quot;version&quot;: 42, # Specifies the format of the policy.
1442 #
1443 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1444 # are rejected.
1445 #
1446 # Any operation that affects conditional role bindings must specify version
1447 # `3`. This requirement applies to the following operations:
1448 #
1449 # * Getting a policy that includes a conditional role binding
1450 # * Adding a conditional role binding to a policy
1451 # * Changing a conditional role binding in a policy
1452 # * Removing any role binding, with or without a condition, from a policy
1453 # that includes conditions
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001454 #
1455 # **Important:** If you use IAM Conditions, you must include the `etag` field
1456 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1457 # you to overwrite a version `3` policy with a version `1` policy, and all of
1458 # the conditions in the version `3` policy are lost.
Bu Sun Kimd059ad82020-07-22 17:02:09 -07001459 #
1460 # If a policy does not include any conditions, operations on that policy may
1461 # specify any valid version or leave the field unset.
1462 #
1463 # To learn which resources support conditions in their IAM policies, see the
1464 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Bu Sun Kim65020912020-05-20 12:08:20 -07001465 }</pre>
1466</div>
1467
1468<div class="method">
1469 <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
1470 <pre>Returns permissions that a caller has for the specified secret.
1471If the secret does not exist, this call returns an empty set of
1472permissions, not a NOT_FOUND error.
1473
1474Note: This operation is designed to be used for building permission-aware
1475UIs and command-line tools, not for authorization checking. This operation
1476may &quot;fail open&quot; without warning.
1477
1478Args:
1479 resource: string, REQUIRED: The resource for which the policy detail is being requested.
1480See the operation documentation for the appropriate value for this field. (required)
1481 body: object, The request body.
1482 The object takes the form of:
1483
1484{ # Request message for `TestIamPermissions` method.
1485 &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
1486 # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
1487 # information see
1488 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
1489 &quot;A String&quot;,
1490 ],
1491 }
1492
1493 x__xgafv: string, V1 error format.
1494 Allowed values
1495 1 - v1 error format
1496 2 - v2 error format
1497
1498Returns:
1499 An object of the form:
1500
1501 { # Response message for `TestIamPermissions` method.
1502 &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
1503 # allowed.
1504 &quot;A String&quot;,
1505 ],
1506 }</pre>
1507</div>
1508
1509</body></html>