Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1 | <html><body> |
| 2 | <style> |
| 3 | |
| 4 | body, h1, h2, h3, div, span, p, pre, a { |
| 5 | margin: 0; |
| 6 | padding: 0; |
| 7 | border: 0; |
| 8 | font-weight: inherit; |
| 9 | font-style: inherit; |
| 10 | font-size: 100%; |
| 11 | font-family: inherit; |
| 12 | vertical-align: baseline; |
| 13 | } |
| 14 | |
| 15 | body { |
| 16 | font-size: 13px; |
| 17 | padding: 1em; |
| 18 | } |
| 19 | |
| 20 | h1 { |
| 21 | font-size: 26px; |
| 22 | margin-bottom: 1em; |
| 23 | } |
| 24 | |
| 25 | h2 { |
| 26 | font-size: 24px; |
| 27 | margin-bottom: 1em; |
| 28 | } |
| 29 | |
| 30 | h3 { |
| 31 | font-size: 20px; |
| 32 | margin-bottom: 1em; |
| 33 | margin-top: 1em; |
| 34 | } |
| 35 | |
| 36 | pre, code { |
| 37 | line-height: 1.5; |
| 38 | font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| 39 | } |
| 40 | |
| 41 | pre { |
| 42 | margin-top: 0.5em; |
| 43 | } |
| 44 | |
| 45 | h1, h2, h3, p { |
| 46 | font-family: Arial, sans serif; |
| 47 | } |
| 48 | |
| 49 | h1, h2, h3 { |
| 50 | border-bottom: solid #CCC 1px; |
| 51 | } |
| 52 | |
| 53 | .toc_element { |
| 54 | margin-top: 0.5em; |
| 55 | } |
| 56 | |
| 57 | .firstline { |
| 58 | margin-left: 2 em; |
| 59 | } |
| 60 | |
| 61 | .method { |
| 62 | margin-top: 1em; |
| 63 | border: solid 1px #CCC; |
| 64 | padding: 1em; |
| 65 | background: #EEE; |
| 66 | } |
| 67 | |
| 68 | .details { |
| 69 | font-weight: bold; |
| 70 | font-size: 14px; |
| 71 | } |
| 72 | |
| 73 | </style> |
| 74 | |
| 75 | <h1><a href="accesscontextmanager_v1.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1.accessPolicies.accessLevels.html">accessLevels</a></h1> |
| 76 | <h2>Instance Methods</h2> |
| 77 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 78 | <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 79 | <p class="firstline">Create an Access Level. The longrunning</p> |
| 80 | <p class="toc_element"> |
| 81 | <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| 82 | <p class="firstline">Delete an Access Level by resource</p> |
| 83 | <p class="toc_element"> |
| 84 | <code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p> |
| 85 | <p class="firstline">Get an Access Level by resource</p> |
| 86 | <p class="toc_element"> |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 87 | <code><a href="#list">list(parent, pageToken=None, pageSize=None, accessLevelFormat=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 88 | <p class="firstline">List all Access Levels for an access</p> |
| 89 | <p class="toc_element"> |
| 90 | <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| 91 | <p class="firstline">Retrieves the next page of results.</p> |
| 92 | <p class="toc_element"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 93 | <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 94 | <p class="firstline">Update an Access Level. The longrunning</p> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 95 | <p class="toc_element"> |
| 96 | <code><a href="#replaceAll">replaceAll(parent, body=None, x__xgafv=None)</a></code></p> |
| 97 | <p class="firstline">Replace all existing Access Levels in an Access</p> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 98 | <h3>Method Details</h3> |
| 99 | <div class="method"> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 100 | <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code> |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 101 | <pre>Create an Access Level. The longrunning |
| 102 | operation from this RPC will have a successful status once the Access |
| 103 | Level has |
| 104 | propagated to long-lasting storage. Access Levels containing |
| 105 | errors will result in an error response for the first error encountered. |
| 106 | |
| 107 | Args: |
| 108 | parent: string, Required. Resource name for the access policy which owns this Access |
| 109 | Level. |
| 110 | |
| 111 | Format: `accessPolicies/{policy_id}` (required) |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 112 | body: object, The request body. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 113 | The object takes the form of: |
| 114 | |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 115 | { # An `AccessLevel` is a label that can be applied to requests to Google Cloud |
| 116 | # services, along with a list of requirements necessary for the label to be |
| 117 | # applied. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 118 | "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language. |
| 119 | # to represent the necessary conditions for the level to apply to a request. |
| 120 | # See CEL spec at: https://github.com/google/cel-spec |
| 121 | "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean. |
| 122 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 123 | # are documented at https://github.com/google/cel-spec. |
| 124 | # |
| 125 | # Example (Comparison): |
| 126 | # |
| 127 | # title: "Summary size limit" |
| 128 | # description: "Determines if a summary is less than 100 chars" |
| 129 | # expression: "document.summary.size() < 100" |
| 130 | # |
| 131 | # Example (Equality): |
| 132 | # |
| 133 | # title: "Requestor is owner" |
| 134 | # description: "Determines if requestor is the document owner" |
| 135 | # expression: "document.owner == request.auth.claims.email" |
| 136 | # |
| 137 | # Example (Logic): |
| 138 | # |
| 139 | # title: "Public documents" |
| 140 | # description: "Determine whether the document should be publicly visible" |
| 141 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 142 | # |
| 143 | # Example (Data Manipulation): |
| 144 | # |
| 145 | # title: "Notification string" |
| 146 | # description: "Create a notification string with a timestamp." |
| 147 | # expression: "'New message received at ' + string(document.create_time)" |
| 148 | # |
| 149 | # The exact variables and functions that may be referenced within an expression |
| 150 | # are determined by the service that evaluates it. See the service |
| 151 | # documentation for additional information. |
| 152 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 153 | # describes the expression, e.g. when hovered over it in a UI. |
| 154 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 155 | # syntax. |
| 156 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 157 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 158 | # expression. |
| 159 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 160 | # reporting, e.g. a file name and a position in the file. |
| 161 | }, |
| 162 | }, |
| 163 | "title": "A String", # Human readable title. Must be unique within the Policy. |
| 164 | "name": "A String", # Required. Resource name for the Access Level. The `short_name` component |
| 165 | # must begin with a letter and only include alphanumeric and '_'. Format: |
| 166 | # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length |
| 167 | # of the `short_name` component is 50 characters. |
| 168 | "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. |
| 169 | "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 170 | { # A condition necessary for an `AccessLevel` to be granted. The Condition is an |
| 171 | # AND over its fields. So a Condition is true if: 1) the request IP is from one |
| 172 | # of the listed subnetworks AND 2) the originating device complies with the |
| 173 | # listed device policy AND 3) all listed access levels are granted AND 4) the |
| 174 | # request was sent at a time allowed by the DateTimeRestriction. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 175 | "regions": [ # The request must originate from one of the provided countries/regions. |
| 176 | # Must be valid ISO 3166-1 alpha-2 codes. |
| 177 | "A String", |
| 178 | ], |
| 179 | "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 180 | # resource name. Referencing an `AccessLevel` which does not exist is an |
| 181 | # error. All access levels listed must be granted for the Condition |
| 182 | # to be true. Example: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 183 | # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` |
| 184 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 185 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 186 | "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 187 | # Condition to be true. If not specified, all devices are allowed. |
| 188 | # given access level. A `DevicePolicy` specifies requirements for requests from |
| 189 | # devices to be granted access levels, it does not do any enforcement on the |
| 190 | # device. `DevicePolicy` acts as an AND over all specified fields, and each |
| 191 | # repeated field is an OR over its elements. Any unset fields are ignored. For |
| 192 | # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : |
| 193 | # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be |
| 194 | # true for requests originating from encrypted Linux desktops and encrypted |
| 195 | # Windows desktops. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 196 | "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management |
| 197 | # levels. |
| 198 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 199 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 200 | "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 201 | { # A restriction on the OS type and version of devices making requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 202 | "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS |
| 203 | # satisfies the constraint. Format: `"major.minor.patch"`. |
| 204 | # Examples: `"10.5.301"`, `"9.2.1"`. |
| 205 | "osType": "A String", # Required. The allowed OS type. |
| 206 | "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 207 | # Verifications includes requirements that the device is enterprise-managed, |
| 208 | # conformant to domain policies, and the caller has permission to call |
| 209 | # the API targeted by the request. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 210 | }, |
| 211 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 212 | "requireCorpOwned": True or False, # Whether the device needs to be corp owned. |
| 213 | "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. |
| 214 | "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 215 | # Defaults to `false`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 216 | "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. |
| 217 | "A String", |
| 218 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 219 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 220 | "members": [ # The request must be made by one of the provided user or service |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 221 | # accounts. Groups are not supported. |
| 222 | # Syntax: |
| 223 | # `user:{emailid}` |
| 224 | # `serviceAccount:{emailid}` |
| 225 | # If not specified, a request may come from any user. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 226 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 227 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 228 | "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 229 | # its non-empty fields, each field must be false for the Condition overall to |
| 230 | # be satisfied. Defaults to false. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 231 | "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for |
| 232 | # a CIDR IP address block, the specified IP address portion must be properly |
| 233 | # truncated (i.e. all the host bits must be zero) or the input is considered |
| 234 | # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is |
| 235 | # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas |
| 236 | # "2001:db8::1/32" is not. The originating IP of a request must be in one of |
| 237 | # the listed subnets in order for this Condition to be true. If empty, all IP |
| 238 | # addresses are allowed. |
| 239 | "A String", |
| 240 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 241 | }, |
| 242 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 243 | "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is |
| 244 | # granted this `AccessLevel`. If AND is used, each `Condition` in |
| 245 | # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR |
| 246 | # is used, at least one `Condition` in `conditions` must be satisfied for the |
| 247 | # `AccessLevel` to be applied. Default behavior is AND. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 248 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 249 | "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 250 | } |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 251 | |
| 252 | x__xgafv: string, V1 error format. |
| 253 | Allowed values |
| 254 | 1 - v1 error format |
| 255 | 2 - v2 error format |
| 256 | |
| 257 | Returns: |
| 258 | An object of the form: |
| 259 | |
| 260 | { # This resource represents a long-running operation that is the result of a |
| 261 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 262 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 263 | # If `true`, the operation is completed, and either `error` or `response` is |
| 264 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 265 | "response": { # The normal response of the operation in case of success. If the original |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 266 | # method returns no data on success, such as `Delete`, the response is |
| 267 | # `google.protobuf.Empty`. If the original method is standard |
| 268 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 269 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 270 | # is the original method name. For example, if the original method name |
| 271 | # is `TakeSnapshot()`, the inferred response type is |
| 272 | # `TakeSnapshotResponse`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 273 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 274 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 275 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 276 | # originally returns it. If you use the default HTTP mapping, the |
| 277 | # `name` should be a resource name ending with `operations/{unique_id}`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 278 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 279 | # different programming environments, including REST APIs and RPC APIs. It is |
| 280 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 281 | # three pieces of data: error code, error message, and error details. |
| 282 | # |
| 283 | # You can find out more about this error model and how to work with it in the |
| 284 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 285 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 286 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 287 | # user-facing error message should be localized and sent in the |
| 288 | # google.rpc.Status.details field, or localized by the client. |
| 289 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 290 | # message types for APIs to use. |
| 291 | { |
| 292 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 293 | }, |
| 294 | ], |
| 295 | }, |
| 296 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 297 | # contains progress information and common metadata such as create time. |
| 298 | # Some services might not provide such metadata. Any method that returns a |
| 299 | # long-running operation should document the metadata type, if any. |
| 300 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 301 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 302 | }</pre> |
| 303 | </div> |
| 304 | |
| 305 | <div class="method"> |
| 306 | <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| 307 | <pre>Delete an Access Level by resource |
| 308 | name. The longrunning operation from this RPC will have a successful status |
| 309 | once the Access Level has been removed |
| 310 | from long-lasting storage. |
| 311 | |
| 312 | Args: |
| 313 | name: string, Required. Resource name for the Access Level. |
| 314 | |
| 315 | Format: |
| 316 | `accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required) |
| 317 | x__xgafv: string, V1 error format. |
| 318 | Allowed values |
| 319 | 1 - v1 error format |
| 320 | 2 - v2 error format |
| 321 | |
| 322 | Returns: |
| 323 | An object of the form: |
| 324 | |
| 325 | { # This resource represents a long-running operation that is the result of a |
| 326 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 327 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 328 | # If `true`, the operation is completed, and either `error` or `response` is |
| 329 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 330 | "response": { # The normal response of the operation in case of success. If the original |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 331 | # method returns no data on success, such as `Delete`, the response is |
| 332 | # `google.protobuf.Empty`. If the original method is standard |
| 333 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 334 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 335 | # is the original method name. For example, if the original method name |
| 336 | # is `TakeSnapshot()`, the inferred response type is |
| 337 | # `TakeSnapshotResponse`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 338 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 339 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 340 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 341 | # originally returns it. If you use the default HTTP mapping, the |
| 342 | # `name` should be a resource name ending with `operations/{unique_id}`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 343 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 344 | # different programming environments, including REST APIs and RPC APIs. It is |
| 345 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 346 | # three pieces of data: error code, error message, and error details. |
| 347 | # |
| 348 | # You can find out more about this error model and how to work with it in the |
| 349 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 350 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 351 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 352 | # user-facing error message should be localized and sent in the |
| 353 | # google.rpc.Status.details field, or localized by the client. |
| 354 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 355 | # message types for APIs to use. |
| 356 | { |
| 357 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 358 | }, |
| 359 | ], |
| 360 | }, |
| 361 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 362 | # contains progress information and common metadata such as create time. |
| 363 | # Some services might not provide such metadata. Any method that returns a |
| 364 | # long-running operation should document the metadata type, if any. |
| 365 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 366 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 367 | }</pre> |
| 368 | </div> |
| 369 | |
| 370 | <div class="method"> |
| 371 | <code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code> |
| 372 | <pre>Get an Access Level by resource |
| 373 | name. |
| 374 | |
| 375 | Args: |
| 376 | name: string, Required. Resource name for the Access Level. |
| 377 | |
| 378 | Format: |
| 379 | `accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required) |
| 380 | accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression |
| 381 | Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where |
| 382 | Access Levels |
| 383 | are returned as `BasicLevels` or `CustomLevels` based on how they were |
| 384 | created. If set to CEL, all Access Levels are returned as |
| 385 | `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent |
| 386 | `CustomLevels`. |
| 387 | x__xgafv: string, V1 error format. |
| 388 | Allowed values |
| 389 | 1 - v1 error format |
| 390 | 2 - v2 error format |
| 391 | |
| 392 | Returns: |
| 393 | An object of the form: |
| 394 | |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 395 | { # An `AccessLevel` is a label that can be applied to requests to Google Cloud |
| 396 | # services, along with a list of requirements necessary for the label to be |
| 397 | # applied. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 398 | "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language. |
| 399 | # to represent the necessary conditions for the level to apply to a request. |
| 400 | # See CEL spec at: https://github.com/google/cel-spec |
| 401 | "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean. |
| 402 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 403 | # are documented at https://github.com/google/cel-spec. |
| 404 | # |
| 405 | # Example (Comparison): |
| 406 | # |
| 407 | # title: "Summary size limit" |
| 408 | # description: "Determines if a summary is less than 100 chars" |
| 409 | # expression: "document.summary.size() < 100" |
| 410 | # |
| 411 | # Example (Equality): |
| 412 | # |
| 413 | # title: "Requestor is owner" |
| 414 | # description: "Determines if requestor is the document owner" |
| 415 | # expression: "document.owner == request.auth.claims.email" |
| 416 | # |
| 417 | # Example (Logic): |
| 418 | # |
| 419 | # title: "Public documents" |
| 420 | # description: "Determine whether the document should be publicly visible" |
| 421 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 422 | # |
| 423 | # Example (Data Manipulation): |
| 424 | # |
| 425 | # title: "Notification string" |
| 426 | # description: "Create a notification string with a timestamp." |
| 427 | # expression: "'New message received at ' + string(document.create_time)" |
| 428 | # |
| 429 | # The exact variables and functions that may be referenced within an expression |
| 430 | # are determined by the service that evaluates it. See the service |
| 431 | # documentation for additional information. |
| 432 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 433 | # describes the expression, e.g. when hovered over it in a UI. |
| 434 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 435 | # syntax. |
| 436 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 437 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 438 | # expression. |
| 439 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 440 | # reporting, e.g. a file name and a position in the file. |
| 441 | }, |
| 442 | }, |
| 443 | "title": "A String", # Human readable title. Must be unique within the Policy. |
| 444 | "name": "A String", # Required. Resource name for the Access Level. The `short_name` component |
| 445 | # must begin with a letter and only include alphanumeric and '_'. Format: |
| 446 | # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length |
| 447 | # of the `short_name` component is 50 characters. |
| 448 | "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. |
| 449 | "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 450 | { # A condition necessary for an `AccessLevel` to be granted. The Condition is an |
| 451 | # AND over its fields. So a Condition is true if: 1) the request IP is from one |
| 452 | # of the listed subnetworks AND 2) the originating device complies with the |
| 453 | # listed device policy AND 3) all listed access levels are granted AND 4) the |
| 454 | # request was sent at a time allowed by the DateTimeRestriction. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 455 | "regions": [ # The request must originate from one of the provided countries/regions. |
| 456 | # Must be valid ISO 3166-1 alpha-2 codes. |
| 457 | "A String", |
| 458 | ], |
| 459 | "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 460 | # resource name. Referencing an `AccessLevel` which does not exist is an |
| 461 | # error. All access levels listed must be granted for the Condition |
| 462 | # to be true. Example: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 463 | # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` |
| 464 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 465 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 466 | "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 467 | # Condition to be true. If not specified, all devices are allowed. |
| 468 | # given access level. A `DevicePolicy` specifies requirements for requests from |
| 469 | # devices to be granted access levels, it does not do any enforcement on the |
| 470 | # device. `DevicePolicy` acts as an AND over all specified fields, and each |
| 471 | # repeated field is an OR over its elements. Any unset fields are ignored. For |
| 472 | # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : |
| 473 | # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be |
| 474 | # true for requests originating from encrypted Linux desktops and encrypted |
| 475 | # Windows desktops. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 476 | "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management |
| 477 | # levels. |
| 478 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 479 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 480 | "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 481 | { # A restriction on the OS type and version of devices making requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 482 | "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS |
| 483 | # satisfies the constraint. Format: `"major.minor.patch"`. |
| 484 | # Examples: `"10.5.301"`, `"9.2.1"`. |
| 485 | "osType": "A String", # Required. The allowed OS type. |
| 486 | "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 487 | # Verifications includes requirements that the device is enterprise-managed, |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 488 | # conformant to domain policies, and the caller has permission to call |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 489 | # the API targeted by the request. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 490 | }, |
| 491 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 492 | "requireCorpOwned": True or False, # Whether the device needs to be corp owned. |
| 493 | "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. |
| 494 | "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 495 | # Defaults to `false`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 496 | "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. |
| 497 | "A String", |
| 498 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 499 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 500 | "members": [ # The request must be made by one of the provided user or service |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 501 | # accounts. Groups are not supported. |
| 502 | # Syntax: |
| 503 | # `user:{emailid}` |
| 504 | # `serviceAccount:{emailid}` |
| 505 | # If not specified, a request may come from any user. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 506 | "A String", |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 507 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 508 | "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 509 | # its non-empty fields, each field must be false for the Condition overall to |
| 510 | # be satisfied. Defaults to false. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 511 | "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for |
| 512 | # a CIDR IP address block, the specified IP address portion must be properly |
| 513 | # truncated (i.e. all the host bits must be zero) or the input is considered |
| 514 | # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is |
| 515 | # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas |
| 516 | # "2001:db8::1/32" is not. The originating IP of a request must be in one of |
| 517 | # the listed subnets in order for this Condition to be true. If empty, all IP |
| 518 | # addresses are allowed. |
| 519 | "A String", |
| 520 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 521 | }, |
| 522 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 523 | "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is |
| 524 | # granted this `AccessLevel`. If AND is used, each `Condition` in |
| 525 | # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR |
| 526 | # is used, at least one `Condition` in `conditions` must be satisfied for the |
| 527 | # `AccessLevel` to be applied. Default behavior is AND. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 528 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 529 | "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 530 | }</pre> |
| 531 | </div> |
| 532 | |
| 533 | <div class="method"> |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 534 | <code class="details" id="list">list(parent, pageToken=None, pageSize=None, accessLevelFormat=None, x__xgafv=None)</code> |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 535 | <pre>List all Access Levels for an access |
| 536 | policy. |
| 537 | |
| 538 | Args: |
| 539 | parent: string, Required. Resource name for the access policy to list Access Levels from. |
| 540 | |
| 541 | Format: |
| 542 | `accessPolicies/{policy_id}` (required) |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 543 | pageToken: string, Next page token for the next batch of Access Level instances. |
| 544 | Defaults to the first page of results. |
| 545 | pageSize: integer, Number of Access Levels to include in |
| 546 | the list. Default 100. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 547 | accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as |
| 548 | `CustomLevels`, rather than as `BasicLevels`. Defaults to returning |
| 549 | `AccessLevels` in the format they were defined. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 550 | x__xgafv: string, V1 error format. |
| 551 | Allowed values |
| 552 | 1 - v1 error format |
| 553 | 2 - v2 error format |
| 554 | |
| 555 | Returns: |
| 556 | An object of the form: |
| 557 | |
| 558 | { # A response to `ListAccessLevelsRequest`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 559 | "nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 560 | # empty, no further results remain. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 561 | "accessLevels": [ # List of the Access Level instances. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 562 | { # An `AccessLevel` is a label that can be applied to requests to Google Cloud |
| 563 | # services, along with a list of requirements necessary for the label to be |
| 564 | # applied. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 565 | "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language. |
| 566 | # to represent the necessary conditions for the level to apply to a request. |
| 567 | # See CEL spec at: https://github.com/google/cel-spec |
| 568 | "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean. |
| 569 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 570 | # are documented at https://github.com/google/cel-spec. |
| 571 | # |
| 572 | # Example (Comparison): |
| 573 | # |
| 574 | # title: "Summary size limit" |
| 575 | # description: "Determines if a summary is less than 100 chars" |
| 576 | # expression: "document.summary.size() < 100" |
| 577 | # |
| 578 | # Example (Equality): |
| 579 | # |
| 580 | # title: "Requestor is owner" |
| 581 | # description: "Determines if requestor is the document owner" |
| 582 | # expression: "document.owner == request.auth.claims.email" |
| 583 | # |
| 584 | # Example (Logic): |
| 585 | # |
| 586 | # title: "Public documents" |
| 587 | # description: "Determine whether the document should be publicly visible" |
| 588 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 589 | # |
| 590 | # Example (Data Manipulation): |
| 591 | # |
| 592 | # title: "Notification string" |
| 593 | # description: "Create a notification string with a timestamp." |
| 594 | # expression: "'New message received at ' + string(document.create_time)" |
| 595 | # |
| 596 | # The exact variables and functions that may be referenced within an expression |
| 597 | # are determined by the service that evaluates it. See the service |
| 598 | # documentation for additional information. |
| 599 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 600 | # describes the expression, e.g. when hovered over it in a UI. |
| 601 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 602 | # syntax. |
| 603 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 604 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 605 | # expression. |
| 606 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 607 | # reporting, e.g. a file name and a position in the file. |
| 608 | }, |
| 609 | }, |
| 610 | "title": "A String", # Human readable title. Must be unique within the Policy. |
| 611 | "name": "A String", # Required. Resource name for the Access Level. The `short_name` component |
| 612 | # must begin with a letter and only include alphanumeric and '_'. Format: |
| 613 | # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length |
| 614 | # of the `short_name` component is 50 characters. |
| 615 | "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. |
| 616 | "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 617 | { # A condition necessary for an `AccessLevel` to be granted. The Condition is an |
| 618 | # AND over its fields. So a Condition is true if: 1) the request IP is from one |
| 619 | # of the listed subnetworks AND 2) the originating device complies with the |
| 620 | # listed device policy AND 3) all listed access levels are granted AND 4) the |
| 621 | # request was sent at a time allowed by the DateTimeRestriction. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 622 | "regions": [ # The request must originate from one of the provided countries/regions. |
| 623 | # Must be valid ISO 3166-1 alpha-2 codes. |
| 624 | "A String", |
| 625 | ], |
| 626 | "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 627 | # resource name. Referencing an `AccessLevel` which does not exist is an |
| 628 | # error. All access levels listed must be granted for the Condition |
| 629 | # to be true. Example: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 630 | # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` |
| 631 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 632 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 633 | "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 634 | # Condition to be true. If not specified, all devices are allowed. |
| 635 | # given access level. A `DevicePolicy` specifies requirements for requests from |
| 636 | # devices to be granted access levels, it does not do any enforcement on the |
| 637 | # device. `DevicePolicy` acts as an AND over all specified fields, and each |
| 638 | # repeated field is an OR over its elements. Any unset fields are ignored. For |
| 639 | # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : |
| 640 | # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be |
| 641 | # true for requests originating from encrypted Linux desktops and encrypted |
| 642 | # Windows desktops. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 643 | "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management |
| 644 | # levels. |
| 645 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 646 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 647 | "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 648 | { # A restriction on the OS type and version of devices making requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 649 | "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS |
| 650 | # satisfies the constraint. Format: `"major.minor.patch"`. |
| 651 | # Examples: `"10.5.301"`, `"9.2.1"`. |
| 652 | "osType": "A String", # Required. The allowed OS type. |
| 653 | "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 654 | # Verifications includes requirements that the device is enterprise-managed, |
| 655 | # conformant to domain policies, and the caller has permission to call |
| 656 | # the API targeted by the request. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 657 | }, |
| 658 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 659 | "requireCorpOwned": True or False, # Whether the device needs to be corp owned. |
| 660 | "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. |
| 661 | "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 662 | # Defaults to `false`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 663 | "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. |
| 664 | "A String", |
| 665 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 666 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 667 | "members": [ # The request must be made by one of the provided user or service |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 668 | # accounts. Groups are not supported. |
| 669 | # Syntax: |
| 670 | # `user:{emailid}` |
| 671 | # `serviceAccount:{emailid}` |
| 672 | # If not specified, a request may come from any user. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 673 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 674 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 675 | "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 676 | # its non-empty fields, each field must be false for the Condition overall to |
| 677 | # be satisfied. Defaults to false. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 678 | "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for |
| 679 | # a CIDR IP address block, the specified IP address portion must be properly |
| 680 | # truncated (i.e. all the host bits must be zero) or the input is considered |
| 681 | # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is |
| 682 | # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas |
| 683 | # "2001:db8::1/32" is not. The originating IP of a request must be in one of |
| 684 | # the listed subnets in order for this Condition to be true. If empty, all IP |
| 685 | # addresses are allowed. |
| 686 | "A String", |
| 687 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 688 | }, |
| 689 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 690 | "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is |
| 691 | # granted this `AccessLevel`. If AND is used, each `Condition` in |
| 692 | # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR |
| 693 | # is used, at least one `Condition` in `conditions` must be satisfied for the |
| 694 | # `AccessLevel` to be applied. Default behavior is AND. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 695 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 696 | "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 697 | }, |
| 698 | ], |
| 699 | }</pre> |
| 700 | </div> |
| 701 | |
| 702 | <div class="method"> |
| 703 | <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| 704 | <pre>Retrieves the next page of results. |
| 705 | |
| 706 | Args: |
| 707 | previous_request: The request for the previous page. (required) |
| 708 | previous_response: The response from the request for the previous page. (required) |
| 709 | |
| 710 | Returns: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 711 | A request object that you can call 'execute()' on to request the next |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 712 | page. Returns None if there are no more items in the collection. |
| 713 | </pre> |
| 714 | </div> |
| 715 | |
| 716 | <div class="method"> |
| 717 | <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| 718 | <pre>Update an Access Level. The longrunning |
| 719 | operation from this RPC will have a successful status once the changes to |
| 720 | the Access Level have propagated |
| 721 | to long-lasting storage. Access Levels containing |
| 722 | errors will result in an error response for the first error encountered. |
| 723 | |
| 724 | Args: |
| 725 | name: string, Required. Resource name for the Access Level. The `short_name` component |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 726 | must begin with a letter and only include alphanumeric and '_'. Format: |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 727 | `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length |
| 728 | of the `short_name` component is 50 characters. (required) |
| 729 | body: object, The request body. |
| 730 | The object takes the form of: |
| 731 | |
| 732 | { # An `AccessLevel` is a label that can be applied to requests to Google Cloud |
| 733 | # services, along with a list of requirements necessary for the label to be |
| 734 | # applied. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 735 | "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language. |
| 736 | # to represent the necessary conditions for the level to apply to a request. |
| 737 | # See CEL spec at: https://github.com/google/cel-spec |
| 738 | "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean. |
| 739 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 740 | # are documented at https://github.com/google/cel-spec. |
| 741 | # |
| 742 | # Example (Comparison): |
| 743 | # |
| 744 | # title: "Summary size limit" |
| 745 | # description: "Determines if a summary is less than 100 chars" |
| 746 | # expression: "document.summary.size() < 100" |
| 747 | # |
| 748 | # Example (Equality): |
| 749 | # |
| 750 | # title: "Requestor is owner" |
| 751 | # description: "Determines if requestor is the document owner" |
| 752 | # expression: "document.owner == request.auth.claims.email" |
| 753 | # |
| 754 | # Example (Logic): |
| 755 | # |
| 756 | # title: "Public documents" |
| 757 | # description: "Determine whether the document should be publicly visible" |
| 758 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 759 | # |
| 760 | # Example (Data Manipulation): |
| 761 | # |
| 762 | # title: "Notification string" |
| 763 | # description: "Create a notification string with a timestamp." |
| 764 | # expression: "'New message received at ' + string(document.create_time)" |
| 765 | # |
| 766 | # The exact variables and functions that may be referenced within an expression |
| 767 | # are determined by the service that evaluates it. See the service |
| 768 | # documentation for additional information. |
| 769 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 770 | # describes the expression, e.g. when hovered over it in a UI. |
| 771 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 772 | # syntax. |
| 773 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 774 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 775 | # expression. |
| 776 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 777 | # reporting, e.g. a file name and a position in the file. |
| 778 | }, |
| 779 | }, |
| 780 | "title": "A String", # Human readable title. Must be unique within the Policy. |
| 781 | "name": "A String", # Required. Resource name for the Access Level. The `short_name` component |
| 782 | # must begin with a letter and only include alphanumeric and '_'. Format: |
| 783 | # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length |
| 784 | # of the `short_name` component is 50 characters. |
| 785 | "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. |
| 786 | "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 787 | { # A condition necessary for an `AccessLevel` to be granted. The Condition is an |
| 788 | # AND over its fields. So a Condition is true if: 1) the request IP is from one |
| 789 | # of the listed subnetworks AND 2) the originating device complies with the |
| 790 | # listed device policy AND 3) all listed access levels are granted AND 4) the |
| 791 | # request was sent at a time allowed by the DateTimeRestriction. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 792 | "regions": [ # The request must originate from one of the provided countries/regions. |
| 793 | # Must be valid ISO 3166-1 alpha-2 codes. |
| 794 | "A String", |
| 795 | ], |
| 796 | "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 797 | # resource name. Referencing an `AccessLevel` which does not exist is an |
| 798 | # error. All access levels listed must be granted for the Condition |
| 799 | # to be true. Example: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 800 | # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` |
| 801 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 802 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 803 | "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 804 | # Condition to be true. If not specified, all devices are allowed. |
| 805 | # given access level. A `DevicePolicy` specifies requirements for requests from |
| 806 | # devices to be granted access levels, it does not do any enforcement on the |
| 807 | # device. `DevicePolicy` acts as an AND over all specified fields, and each |
| 808 | # repeated field is an OR over its elements. Any unset fields are ignored. For |
| 809 | # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : |
| 810 | # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be |
| 811 | # true for requests originating from encrypted Linux desktops and encrypted |
| 812 | # Windows desktops. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 813 | "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management |
| 814 | # levels. |
| 815 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 816 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 817 | "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 818 | { # A restriction on the OS type and version of devices making requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 819 | "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS |
| 820 | # satisfies the constraint. Format: `"major.minor.patch"`. |
| 821 | # Examples: `"10.5.301"`, `"9.2.1"`. |
| 822 | "osType": "A String", # Required. The allowed OS type. |
| 823 | "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 824 | # Verifications includes requirements that the device is enterprise-managed, |
| 825 | # conformant to domain policies, and the caller has permission to call |
| 826 | # the API targeted by the request. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 827 | }, |
| 828 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 829 | "requireCorpOwned": True or False, # Whether the device needs to be corp owned. |
| 830 | "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. |
| 831 | "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 832 | # Defaults to `false`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 833 | "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. |
| 834 | "A String", |
| 835 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 836 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 837 | "members": [ # The request must be made by one of the provided user or service |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 838 | # accounts. Groups are not supported. |
| 839 | # Syntax: |
| 840 | # `user:{emailid}` |
| 841 | # `serviceAccount:{emailid}` |
| 842 | # If not specified, a request may come from any user. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 843 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 844 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 845 | "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 846 | # its non-empty fields, each field must be false for the Condition overall to |
| 847 | # be satisfied. Defaults to false. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 848 | "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for |
| 849 | # a CIDR IP address block, the specified IP address portion must be properly |
| 850 | # truncated (i.e. all the host bits must be zero) or the input is considered |
| 851 | # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is |
| 852 | # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas |
| 853 | # "2001:db8::1/32" is not. The originating IP of a request must be in one of |
| 854 | # the listed subnets in order for this Condition to be true. If empty, all IP |
| 855 | # addresses are allowed. |
| 856 | "A String", |
| 857 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 858 | }, |
| 859 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 860 | "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is |
| 861 | # granted this `AccessLevel`. If AND is used, each `Condition` in |
| 862 | # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR |
| 863 | # is used, at least one `Condition` in `conditions` must be satisfied for the |
| 864 | # `AccessLevel` to be applied. Default behavior is AND. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 865 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 866 | "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 867 | } |
| 868 | |
| 869 | updateMask: string, Required. Mask to control which fields get updated. Must be non-empty. |
| 870 | x__xgafv: string, V1 error format. |
| 871 | Allowed values |
| 872 | 1 - v1 error format |
| 873 | 2 - v2 error format |
| 874 | |
| 875 | Returns: |
| 876 | An object of the form: |
| 877 | |
| 878 | { # This resource represents a long-running operation that is the result of a |
| 879 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 880 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 881 | # If `true`, the operation is completed, and either `error` or `response` is |
| 882 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 883 | "response": { # The normal response of the operation in case of success. If the original |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 884 | # method returns no data on success, such as `Delete`, the response is |
| 885 | # `google.protobuf.Empty`. If the original method is standard |
| 886 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 887 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 888 | # is the original method name. For example, if the original method name |
| 889 | # is `TakeSnapshot()`, the inferred response type is |
| 890 | # `TakeSnapshotResponse`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 891 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 892 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 893 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 894 | # originally returns it. If you use the default HTTP mapping, the |
| 895 | # `name` should be a resource name ending with `operations/{unique_id}`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 896 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 897 | # different programming environments, including REST APIs and RPC APIs. It is |
| 898 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 899 | # three pieces of data: error code, error message, and error details. |
| 900 | # |
| 901 | # You can find out more about this error model and how to work with it in the |
| 902 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 903 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 904 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 905 | # user-facing error message should be localized and sent in the |
| 906 | # google.rpc.Status.details field, or localized by the client. |
| 907 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 908 | # message types for APIs to use. |
| 909 | { |
| 910 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 911 | }, |
| 912 | ], |
| 913 | }, |
| 914 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 915 | # contains progress information and common metadata such as create time. |
| 916 | # Some services might not provide such metadata. Any method that returns a |
| 917 | # long-running operation should document the metadata type, if any. |
| 918 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 919 | }, |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 920 | }</pre> |
| 921 | </div> |
| 922 | |
| 923 | <div class="method"> |
| 924 | <code class="details" id="replaceAll">replaceAll(parent, body=None, x__xgafv=None)</code> |
| 925 | <pre>Replace all existing Access Levels in an Access |
| 926 | Policy with |
| 927 | the Access Levels provided. This |
| 928 | is done atomically. The longrunning operation from this RPC will have a |
| 929 | successful status once all replacements have propagated to long-lasting |
| 930 | storage. Replacements containing errors will result in an error response |
| 931 | for the first error encountered. Replacement will be cancelled on error, |
| 932 | existing Access Levels will not be |
| 933 | affected. Operation.response field will contain |
| 934 | ReplaceAccessLevelsResponse. Removing Access Levels contained in existing |
| 935 | Service Perimeters will result in |
| 936 | error. |
| 937 | |
| 938 | Args: |
| 939 | parent: string, Required. Resource name for the access policy which owns these |
| 940 | Access Levels. |
| 941 | |
| 942 | Format: `accessPolicies/{policy_id}` (required) |
| 943 | body: object, The request body. |
| 944 | The object takes the form of: |
| 945 | |
| 946 | { # A request to replace all existing Access Levels in an Access Policy with |
| 947 | # the Access Levels provided. This is done atomically. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 948 | "etag": "A String", # Optional. The etag for the version of the Access Policy that this |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 949 | # replace operation is to be performed on. If, at the time of replace, the |
| 950 | # etag for the Access Policy stored in Access Context Manager is different |
| 951 | # from the specified etag, then the replace operation will not be performed |
| 952 | # and the call will fail. This field is not required. If etag is not |
| 953 | # provided, the operation will be performed as if a valid etag is provided. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 954 | "accessLevels": [ # Required. The desired Access Levels that should |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 955 | # replace all existing Access Levels in the |
| 956 | # Access Policy. |
| 957 | { # An `AccessLevel` is a label that can be applied to requests to Google Cloud |
| 958 | # services, along with a list of requirements necessary for the label to be |
| 959 | # applied. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 960 | "custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language. |
| 961 | # to represent the necessary conditions for the level to apply to a request. |
| 962 | # See CEL spec at: https://github.com/google/cel-spec |
| 963 | "expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean. |
| 964 | # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| 965 | # are documented at https://github.com/google/cel-spec. |
| 966 | # |
| 967 | # Example (Comparison): |
| 968 | # |
| 969 | # title: "Summary size limit" |
| 970 | # description: "Determines if a summary is less than 100 chars" |
| 971 | # expression: "document.summary.size() < 100" |
| 972 | # |
| 973 | # Example (Equality): |
| 974 | # |
| 975 | # title: "Requestor is owner" |
| 976 | # description: "Determines if requestor is the document owner" |
| 977 | # expression: "document.owner == request.auth.claims.email" |
| 978 | # |
| 979 | # Example (Logic): |
| 980 | # |
| 981 | # title: "Public documents" |
| 982 | # description: "Determine whether the document should be publicly visible" |
| 983 | # expression: "document.type != 'private' && document.type != 'internal'" |
| 984 | # |
| 985 | # Example (Data Manipulation): |
| 986 | # |
| 987 | # title: "Notification string" |
| 988 | # description: "Create a notification string with a timestamp." |
| 989 | # expression: "'New message received at ' + string(document.create_time)" |
| 990 | # |
| 991 | # The exact variables and functions that may be referenced within an expression |
| 992 | # are determined by the service that evaluates it. See the service |
| 993 | # documentation for additional information. |
| 994 | "description": "A String", # Optional. Description of the expression. This is a longer text which |
| 995 | # describes the expression, e.g. when hovered over it in a UI. |
| 996 | "expression": "A String", # Textual representation of an expression in Common Expression Language |
| 997 | # syntax. |
| 998 | "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| 999 | # its purpose. This can be used e.g. in UIs which allow to enter the |
| 1000 | # expression. |
| 1001 | "location": "A String", # Optional. String indicating the location of the expression for error |
| 1002 | # reporting, e.g. a file name and a position in the file. |
| 1003 | }, |
| 1004 | }, |
| 1005 | "title": "A String", # Human readable title. Must be unique within the Policy. |
| 1006 | "name": "A String", # Required. Resource name for the Access Level. The `short_name` component |
| 1007 | # must begin with a letter and only include alphanumeric and '_'. Format: |
| 1008 | # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length |
| 1009 | # of the `short_name` component is 50 characters. |
| 1010 | "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. |
| 1011 | "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1012 | { # A condition necessary for an `AccessLevel` to be granted. The Condition is an |
| 1013 | # AND over its fields. So a Condition is true if: 1) the request IP is from one |
| 1014 | # of the listed subnetworks AND 2) the originating device complies with the |
| 1015 | # listed device policy AND 3) all listed access levels are granted AND 4) the |
| 1016 | # request was sent at a time allowed by the DateTimeRestriction. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1017 | "regions": [ # The request must originate from one of the provided countries/regions. |
| 1018 | # Must be valid ISO 3166-1 alpha-2 codes. |
| 1019 | "A String", |
| 1020 | ], |
| 1021 | "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1022 | # resource name. Referencing an `AccessLevel` which does not exist is an |
| 1023 | # error. All access levels listed must be granted for the Condition |
| 1024 | # to be true. Example: |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1025 | # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` |
| 1026 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1027 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1028 | "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1029 | # Condition to be true. If not specified, all devices are allowed. |
| 1030 | # given access level. A `DevicePolicy` specifies requirements for requests from |
| 1031 | # devices to be granted access levels, it does not do any enforcement on the |
| 1032 | # device. `DevicePolicy` acts as an AND over all specified fields, and each |
| 1033 | # repeated field is an OR over its elements. Any unset fields are ignored. For |
| 1034 | # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : |
| 1035 | # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be |
| 1036 | # true for requests originating from encrypted Linux desktops and encrypted |
| 1037 | # Windows desktops. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1038 | "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management |
| 1039 | # levels. |
| 1040 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1041 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1042 | "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1043 | { # A restriction on the OS type and version of devices making requests. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1044 | "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS |
| 1045 | # satisfies the constraint. Format: `"major.minor.patch"`. |
| 1046 | # Examples: `"10.5.301"`, `"9.2.1"`. |
| 1047 | "osType": "A String", # Required. The allowed OS type. |
| 1048 | "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1049 | # Verifications includes requirements that the device is enterprise-managed, |
| 1050 | # conformant to domain policies, and the caller has permission to call |
| 1051 | # the API targeted by the request. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1052 | }, |
| 1053 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1054 | "requireCorpOwned": True or False, # Whether the device needs to be corp owned. |
| 1055 | "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. |
| 1056 | "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1057 | # Defaults to `false`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1058 | "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. |
| 1059 | "A String", |
| 1060 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1061 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1062 | "members": [ # The request must be made by one of the provided user or service |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1063 | # accounts. Groups are not supported. |
| 1064 | # Syntax: |
| 1065 | # `user:{emailid}` |
| 1066 | # `serviceAccount:{emailid}` |
| 1067 | # If not specified, a request may come from any user. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1068 | "A String", |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1069 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1070 | "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1071 | # its non-empty fields, each field must be false for the Condition overall to |
| 1072 | # be satisfied. Defaults to false. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1073 | "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for |
| 1074 | # a CIDR IP address block, the specified IP address portion must be properly |
| 1075 | # truncated (i.e. all the host bits must be zero) or the input is considered |
| 1076 | # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is |
| 1077 | # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas |
| 1078 | # "2001:db8::1/32" is not. The originating IP of a request must be in one of |
| 1079 | # the listed subnets in order for this Condition to be true. If empty, all IP |
| 1080 | # addresses are allowed. |
| 1081 | "A String", |
| 1082 | ], |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1083 | }, |
| 1084 | ], |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1085 | "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is |
| 1086 | # granted this `AccessLevel`. If AND is used, each `Condition` in |
| 1087 | # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR |
| 1088 | # is used, at least one `Condition` in `conditions` must be satisfied for the |
| 1089 | # `AccessLevel` to be applied. Default behavior is AND. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1090 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1091 | "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. |
Dan O'Meara | dd49464 | 2020-05-01 07:42:23 -0700 | [diff] [blame] | 1092 | }, |
| 1093 | ], |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1094 | } |
| 1095 | |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1096 | x__xgafv: string, V1 error format. |
| 1097 | Allowed values |
| 1098 | 1 - v1 error format |
| 1099 | 2 - v2 error format |
| 1100 | |
| 1101 | Returns: |
| 1102 | An object of the form: |
| 1103 | |
| 1104 | { # This resource represents a long-running operation that is the result of a |
| 1105 | # network API call. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1106 | "done": True or False, # If the value is `false`, it means the operation is still in progress. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1107 | # If `true`, the operation is completed, and either `error` or `response` is |
| 1108 | # available. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1109 | "response": { # The normal response of the operation in case of success. If the original |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1110 | # method returns no data on success, such as `Delete`, the response is |
| 1111 | # `google.protobuf.Empty`. If the original method is standard |
| 1112 | # `Get`/`Create`/`Update`, the response should be the resource. For other |
| 1113 | # methods, the response should have the type `XxxResponse`, where `Xxx` |
| 1114 | # is the original method name. For example, if the original method name |
| 1115 | # is `TakeSnapshot()`, the inferred response type is |
| 1116 | # `TakeSnapshotResponse`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1117 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1118 | }, |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1119 | "name": "A String", # The server-assigned name, which is only unique within the same service that |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1120 | # originally returns it. If you use the default HTTP mapping, the |
| 1121 | # `name` should be a resource name ending with `operations/{unique_id}`. |
Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1122 | "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| 1123 | # different programming environments, including REST APIs and RPC APIs. It is |
| 1124 | # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| 1125 | # three pieces of data: error code, error message, and error details. |
| 1126 | # |
| 1127 | # You can find out more about this error model and how to work with it in the |
| 1128 | # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| 1129 | "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| 1130 | "message": "A String", # A developer-facing error message, which should be in English. Any |
| 1131 | # user-facing error message should be localized and sent in the |
| 1132 | # google.rpc.Status.details field, or localized by the client. |
| 1133 | "details": [ # A list of messages that carry the error details. There is a common set of |
| 1134 | # message types for APIs to use. |
| 1135 | { |
| 1136 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 1137 | }, |
| 1138 | ], |
| 1139 | }, |
| 1140 | "metadata": { # Service-specific metadata associated with the operation. It typically |
| 1141 | # contains progress information and common metadata such as create time. |
| 1142 | # Some services might not provide such metadata. Any method that returns a |
| 1143 | # long-running operation should document the metadata type, if any. |
| 1144 | "a_key": "", # Properties of the object. Contains field @type with type URL. |
| 1145 | }, |
Bu Sun Kim | 715bd7f | 2019-06-14 16:50:42 -0700 | [diff] [blame] | 1146 | }</pre> |
| 1147 | </div> |
| 1148 | |
| 1149 | </body></html> |