Blame - docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html - platform/external/python/google-api-python-client

2020-05-01 07:42:23 -0700

[diff] [blame]

78

<code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

79

<p class="firstline">Create an Access Level. The longrunning</p>

80

81

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

82

<p class="firstline">Delete an Access Level by resource</p>

83

84

<code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>

85

<p class="firstline">Get an Access Level by resource</p>

86

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

87

<code><a href="#list">list(parent, pageToken=None, pageSize=None, accessLevelFormat=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

88

<p class="firstline">List all Access Levels for an access</p>

89

90

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

91

<p class="firstline">Retrieves the next page of results.</p>

92

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

93

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

94

<p class="firstline">Update an Access Level. The longrunning</p>

95

<h3>Method Details</h3>

96

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

97

<code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

98

<pre>Create an Access Level. The longrunning

99

operation from this RPC will have a successful status once the Access

100

Level has

101

propagated to long-lasting storage. Access Levels containing

102

errors will result in an error response for the first error encountered.

103

104

Args:

105

parent: string, Required. Resource name for the access policy which owns this Access

106

Level.

107

108

Format: `accessPolicies/{policy_id}` (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

109

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

110

The object takes the form of:

111

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

112

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

113

# services, along with a list of requirements necessary for the label to be

114

# applied.

115

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

116

# to represent the necessary conditions for the level to apply to a request.

117

# See CEL spec at: https://github.com/google/cel-spec

118

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

119

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

120

# are documented at https://github.com/google/cel-spec.

121

#

122

# Example (Comparison):

123

#

124

# title: "Summary size limit"

125

# description: "Determines if a summary is less than 100 chars"

126

# expression: "document.summary.size() < 100"

127

#

128

# Example (Equality):

129

#

130

# title: "Requestor is owner"

131

# description: "Determines if requestor is the document owner"

132

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

137

# description: "Determine whether the document should be publicly visible"

138

# expression: "document.type != 'private' && document.type != 'internal'"

139

#

140

# Example (Data Manipulation):

141

#

142

# title: "Notification string"

143

# description: "Create a notification string with a timestamp."

144

# expression: "'New message received at ' + string(document.create_time)"

145

#

146

# The exact variables and functions that may be referenced within an expression

147

# are determined by the service that evaluates it. See the service

148

# documentation for additional information.

149

"description": "A String", # Optional. Description of the expression. This is a longer text which

150

# describes the expression, e.g. when hovered over it in a UI.

151

"expression": "A String", # Textual representation of an expression in Common Expression Language

152

# syntax.

153

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

154

# its purpose. This can be used e.g. in UIs which allow to enter the

155

# expression.

156

"location": "A String", # Optional. String indicating the location of the expression for error

157

# reporting, e.g. a file name and a position in the file.

158

},

159

},

160

"title": "A String", # Human readable title. Must be unique within the Policy.

161

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

162

# must begin with a letter and only include alphanumeric and '_'. Format:

163

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

164

# // of the `short_name` component is 50 characters.

165

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

166

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

167

# granted this `AccessLevel`. If AND is used, each `Condition` in

168

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

169

# is used, at least one `Condition` in `conditions` must be satisfied for the

170

# `AccessLevel` to be applied. Default behavior is AND.

171

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

172

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

173

# AND over its fields. So a Condition is true if: 1) the request IP is from one

174

# of the listed subnetworks AND 2) the originating device complies with the

175

# listed device policy AND 3) all listed access levels are granted AND 4) the

176

# request was sent at a time allowed by the DateTimeRestriction.

177

"regions": [ # The request must originate from one of the provided countries/regions.

178

# Must be valid ISO 3166-1 alpha-2 codes.

179

"A String",

180

],

181

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

182

# resource name. Referencing an `AccessLevel` which does not exist is an

183

# error. All access levels listed must be granted for the Condition

184

# to be true. Example:

185

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

186

"A String",

187

],

188

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

189

# Condition to be true. If not specified, all devices are allowed.

190

# given access level. A `DevicePolicy` specifies requirements for requests from

191

# devices to be granted access levels, it does not do any enforcement on the

192

# device. `DevicePolicy` acts as an AND over all specified fields, and each

193

# repeated field is an OR over its elements. Any unset fields are ignored. For

194

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

195

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

196

# true for requests originating from encrypted Linux desktops and encrypted

197

# Windows desktops.

198

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

199

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

200

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

201

# Defaults to `false`.

202

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

203

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

204

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

205

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

206

# levels.

207

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

208

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

209

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

210

{ # A restriction on the OS type and version of devices making requests.

211

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

212

# satisfies the constraint. Format: `"major.minor.patch"`.

213

# Examples: `"10.5.301"`, `"9.2.1"`.

214

"osType": "A String", # Required. The allowed OS type.

215

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

216

# Verifications includes requirements that the device is enterprise-managed,

217

# conformant to domain policies, and the caller has permission to call

218

# the API targeted by the request.

219

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

220

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

221

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

222

"members": [ # The request must be made by one of the provided user or service

223

# accounts. Groups are not supported.

224

# Syntax:

225

# `user:{emailid}`

226

# `serviceAccount:{emailid}`

227

# If not specified, a request may come from any user.

228

"A String",

229

],

230

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

231

# a CIDR IP address block, the specified IP address portion must be properly

232

# truncated (i.e. all the host bits must be zero) or the input is considered

233

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

234

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

235

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

236

# the listed subnets in order for this Condition to be true. If empty, all IP

237

# addresses are allowed.

238

"A String",

239

],

240

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

241

# its non-empty fields, each field must be false for the Condition overall to

242

# be satisfied. Defaults to false.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

243

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

244

],

245

},

246

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

247

}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

248

249

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

256

257

{ # This resource represents a long-running operation that is the result of a

258

# network API call.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

259

"response": { # The normal response of the operation in case of success. If the original

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

260

# method returns no data on success, such as `Delete`, the response is

261

# `google.protobuf.Empty`. If the original method is standard

262

# `Get`/`Create`/`Update`, the response should be the resource. For other

263

# methods, the response should have the type `XxxResponse`, where `Xxx`

264

# is the original method name. For example, if the original method name

265

# is `TakeSnapshot()`, the inferred response type is

266

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

267

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

268

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

269

"name": "A String", # The server-assigned name, which is only unique within the same service that

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

270

# originally returns it. If you use the default HTTP mapping, the

271

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

272

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

273

# different programming environments, including REST APIs and RPC APIs. It is

274

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

275

# three pieces of data: error code, error message, and error details.

276

#

277

# You can find out more about this error model and how to work with it in the

278

# [API Design Guide](https://cloud.google.com/apis/design/errors).

279

"details": [ # A list of messages that carry the error details. There is a common set of

280

# message types for APIs to use.

281

{

282

"a_key": "", # Properties of the object. Contains field @type with type URL.

283

},

284

],

285

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

286

"message": "A String", # A developer-facing error message, which should be in English. Any

287

# user-facing error message should be localized and sent in the

288

# google.rpc.Status.details field, or localized by the client.

289

},

290

"metadata": { # Service-specific metadata associated with the operation. It typically

291

# contains progress information and common metadata such as create time.

292

# Some services might not provide such metadata. Any method that returns a

293

# long-running operation should document the metadata type, if any.

294

"a_key": "", # Properties of the object. Contains field @type with type URL.

295

},

296

"done": True or False, # If the value is `false`, it means the operation is still in progress.

297

# If `true`, the operation is completed, and either `error` or `response` is

298

# available.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

304

<pre>Delete an Access Level by resource

305

name. The longrunning operation from this RPC will have a successful status

306

once the Access Level has been removed

307

from long-lasting storage.

308

309

Args:

310

name: string, Required. Resource name for the Access Level.

311

312

Format:

313

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

314

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

321

322

{ # This resource represents a long-running operation that is the result of a

323

# network API call.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

324

"response": { # The normal response of the operation in case of success. If the original

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

325

# method returns no data on success, such as `Delete`, the response is

326

# `google.protobuf.Empty`. If the original method is standard

327

# `Get`/`Create`/`Update`, the response should be the resource. For other

328

# methods, the response should have the type `XxxResponse`, where `Xxx`

329

# is the original method name. For example, if the original method name

330

# is `TakeSnapshot()`, the inferred response type is

331

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

332

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

333

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

334

"name": "A String", # The server-assigned name, which is only unique within the same service that

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

335

# originally returns it. If you use the default HTTP mapping, the

336

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

337

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

338

# different programming environments, including REST APIs and RPC APIs. It is

339

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

340

# three pieces of data: error code, error message, and error details.

341

#

342

# You can find out more about this error model and how to work with it in the

343

# [API Design Guide](https://cloud.google.com/apis/design/errors).

344

"details": [ # A list of messages that carry the error details. There is a common set of

345

# message types for APIs to use.

346

{

347

"a_key": "", # Properties of the object. Contains field @type with type URL.

348

},

349

],

350

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

351

"message": "A String", # A developer-facing error message, which should be in English. Any

352

# user-facing error message should be localized and sent in the

353

# google.rpc.Status.details field, or localized by the client.

354

},

355

"metadata": { # Service-specific metadata associated with the operation. It typically

356

# contains progress information and common metadata such as create time.

357

# Some services might not provide such metadata. Any method that returns a

358

# long-running operation should document the metadata type, if any.

359

"a_key": "", # Properties of the object. Contains field @type with type URL.

360

},

361

"done": True or False, # If the value is `false`, it means the operation is still in progress.

362

# If `true`, the operation is completed, and either `error` or `response` is

363

# available.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>

369

<pre>Get an Access Level by resource

name.

Args:

name: string, Required. Resource name for the Access Level.

374

375

Format:

376

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

377

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression

378

Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where

379

Access Levels

380

are returned as `BasicLevels` or `CustomLevels` based on how they were

381

created. If set to CEL, all Access Levels are returned as

382

`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent

383

`CustomLevels`.

384

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

391

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

392

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

393

# services, along with a list of requirements necessary for the label to be

394

# applied.

395

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

396

# to represent the necessary conditions for the level to apply to a request.

397

# See CEL spec at: https://github.com/google/cel-spec

398

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

399

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

400

# are documented at https://github.com/google/cel-spec.

401

#

402

# Example (Comparison):

403

#

404

# title: "Summary size limit"

405

# description: "Determines if a summary is less than 100 chars"

406

# expression: "document.summary.size() < 100"

407

#

408

# Example (Equality):

409

#

410

# title: "Requestor is owner"

411

# description: "Determines if requestor is the document owner"

412

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

417

# description: "Determine whether the document should be publicly visible"

418

# expression: "document.type != 'private' && document.type != 'internal'"

419

#

420

# Example (Data Manipulation):

421

#

422

# title: "Notification string"

423

# description: "Create a notification string with a timestamp."

424

# expression: "'New message received at ' + string(document.create_time)"

425

#

426

# The exact variables and functions that may be referenced within an expression

427

# are determined by the service that evaluates it. See the service

428

# documentation for additional information.

429

"description": "A String", # Optional. Description of the expression. This is a longer text which

430

# describes the expression, e.g. when hovered over it in a UI.

431

"expression": "A String", # Textual representation of an expression in Common Expression Language

432

# syntax.

433

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

434

# its purpose. This can be used e.g. in UIs which allow to enter the

435

# expression.

436

"location": "A String", # Optional. String indicating the location of the expression for error

437

# reporting, e.g. a file name and a position in the file.

438

},

439

},

440

"title": "A String", # Human readable title. Must be unique within the Policy.

441

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

442

# must begin with a letter and only include alphanumeric and '_'. Format:

443

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

444

# // of the `short_name` component is 50 characters.

445

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

446

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

447

# granted this `AccessLevel`. If AND is used, each `Condition` in

448

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

449

# is used, at least one `Condition` in `conditions` must be satisfied for the

450

# `AccessLevel` to be applied. Default behavior is AND.

451

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

452

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

453

# AND over its fields. So a Condition is true if: 1) the request IP is from one

454

# of the listed subnetworks AND 2) the originating device complies with the

455

# listed device policy AND 3) all listed access levels are granted AND 4) the

456

# request was sent at a time allowed by the DateTimeRestriction.

457

"regions": [ # The request must originate from one of the provided countries/regions.

458

# Must be valid ISO 3166-1 alpha-2 codes.

459

"A String",

460

],

461

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

462

# resource name. Referencing an `AccessLevel` which does not exist is an

463

# error. All access levels listed must be granted for the Condition

464

# to be true. Example:

465

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

466

"A String",

467

],

468

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

469

# Condition to be true. If not specified, all devices are allowed.

470

# given access level. A `DevicePolicy` specifies requirements for requests from

471

# devices to be granted access levels, it does not do any enforcement on the

472

# device. `DevicePolicy` acts as an AND over all specified fields, and each

473

# repeated field is an OR over its elements. Any unset fields are ignored. For

474

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

475

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

476

# true for requests originating from encrypted Linux desktops and encrypted

477

# Windows desktops.

478

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

479

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

480

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

481

# Defaults to `false`.

482

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

483

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

484

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

485

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

486

# levels.

487

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

488

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

489

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

490

{ # A restriction on the OS type and version of devices making requests.

491

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

492

# satisfies the constraint. Format: `"major.minor.patch"`.

493

# Examples: `"10.5.301"`, `"9.2.1"`.

494

"osType": "A String", # Required. The allowed OS type.

495

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

496

# Verifications includes requirements that the device is enterprise-managed,

497

# conformant to domain policies, and the caller has permission to call

498

# the API targeted by the request.

499

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

500

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

501

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

502

"members": [ # The request must be made by one of the provided user or service

503

# accounts. Groups are not supported.

504

# Syntax:

505

# `user:{emailid}`

506

# `serviceAccount:{emailid}`

507

# If not specified, a request may come from any user.

508

"A String",

509

],

510

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

511

# a CIDR IP address block, the specified IP address portion must be properly

512

# truncated (i.e. all the host bits must be zero) or the input is considered

513

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

514

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

515

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

516

# the listed subnets in order for this Condition to be true. If empty, all IP

517

# addresses are allowed.

518

"A String",

519

],

520

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

521

# its non-empty fields, each field must be false for the Condition overall to

522

# be satisfied. Defaults to false.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

523

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

524

],

525

},

526

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

527

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

531

<code class="details" id="list">list(parent, pageToken=None, pageSize=None, accessLevelFormat=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

532

<pre>List all Access Levels for an access

policy.

Args:

parent: string, Required. Resource name for the access policy to list Access Levels from.

537

538

Format:

539

`accessPolicies/{policy_id}` (required)

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

540

pageToken: string, Next page token for the next batch of Access Level instances.

541

Defaults to the first page of results.

542

pageSize: integer, Number of Access Levels to include in

543

the list. Default 100.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

544

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as

545

`CustomLevels`, rather than as `BasicLevels`. Defaults to returning

546

`AccessLevels` in the format they were defined.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

547

x__xgafv: string, V1 error format.

548

Allowed values

549

1 - v1 error format

550

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

551

552

Returns:

553

An object of the form:

554

555

{ # A response to `ListAccessLevelsRequest`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

556

"nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

557

# empty, no further results remain.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

558

"accessLevels": [ # List of the Access Level instances.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

559

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

560

# services, along with a list of requirements necessary for the label to be

561

# applied.

562

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

563

# to represent the necessary conditions for the level to apply to a request.

564

# See CEL spec at: https://github.com/google/cel-spec

565

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

566

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

567

# are documented at https://github.com/google/cel-spec.

568

#

569

# Example (Comparison):

570

#

571

# title: "Summary size limit"

572

# description: "Determines if a summary is less than 100 chars"

573

# expression: "document.summary.size() < 100"

574

#

575

# Example (Equality):

576

#

577

# title: "Requestor is owner"

578

# description: "Determines if requestor is the document owner"

579

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

584

# description: "Determine whether the document should be publicly visible"

585

# expression: "document.type != 'private' && document.type != 'internal'"

586

#

587

# Example (Data Manipulation):

588

#

589

# title: "Notification string"

590

# description: "Create a notification string with a timestamp."

591

# expression: "'New message received at ' + string(document.create_time)"

592

#

593

# The exact variables and functions that may be referenced within an expression

594

# are determined by the service that evaluates it. See the service

595

# documentation for additional information.

596

"description": "A String", # Optional. Description of the expression. This is a longer text which

597

# describes the expression, e.g. when hovered over it in a UI.

598

"expression": "A String", # Textual representation of an expression in Common Expression Language

599

# syntax.

600

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

601

# its purpose. This can be used e.g. in UIs which allow to enter the

602

# expression.

603

"location": "A String", # Optional. String indicating the location of the expression for error

604

# reporting, e.g. a file name and a position in the file.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

605

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

606

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

607

"title": "A String", # Human readable title. Must be unique within the Policy.

608

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

609

# must begin with a letter and only include alphanumeric and '_'. Format:

610

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

611

# // of the `short_name` component is 50 characters.

612

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

613

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

614

# granted this `AccessLevel`. If AND is used, each `Condition` in

615

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

616

# is used, at least one `Condition` in `conditions` must be satisfied for the

617

# `AccessLevel` to be applied. Default behavior is AND.

618

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

619

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

620

# AND over its fields. So a Condition is true if: 1) the request IP is from one

621

# of the listed subnetworks AND 2) the originating device complies with the

622

# listed device policy AND 3) all listed access levels are granted AND 4) the

623

# request was sent at a time allowed by the DateTimeRestriction.

624

"regions": [ # The request must originate from one of the provided countries/regions.

625

# Must be valid ISO 3166-1 alpha-2 codes.

626

"A String",

627

],

628

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

629

# resource name. Referencing an `AccessLevel` which does not exist is an

630

# error. All access levels listed must be granted for the Condition

631

# to be true. Example:

632

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

633

"A String",

634

],

635

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

636

# Condition to be true. If not specified, all devices are allowed.

637

# given access level. A `DevicePolicy` specifies requirements for requests from

638

# devices to be granted access levels, it does not do any enforcement on the

639

# device. `DevicePolicy` acts as an AND over all specified fields, and each

640

# repeated field is an OR over its elements. Any unset fields are ignored. For

641

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

642

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

643

# true for requests originating from encrypted Linux desktops and encrypted

644

# Windows desktops.

645

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

646

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

647

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

648

# Defaults to `false`.

649

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

650

"A String",

651

],

652

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

657

{ # A restriction on the OS type and version of devices making requests.

658

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

659

# satisfies the constraint. Format: `"major.minor.patch"`.

660

# Examples: `"10.5.301"`, `"9.2.1"`.

661

"osType": "A String", # Required. The allowed OS type.

662

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

663

# Verifications includes requirements that the device is enterprise-managed,

664

# conformant to domain policies, and the caller has permission to call

665

# the API targeted by the request.

},

],

},

"members": [ # The request must be made by one of the provided user or service

670

# accounts. Groups are not supported.

671

# Syntax:

672

# `user:{emailid}`

673

# `serviceAccount:{emailid}`

674

# If not specified, a request may come from any user.

675

"A String",

676

],

677

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

678

# a CIDR IP address block, the specified IP address portion must be properly

679

# truncated (i.e. all the host bits must be zero) or the input is considered

680

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

681

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

682

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

683

# the listed subnets in order for this Condition to be true. If empty, all IP

684

# addresses are allowed.

685

"A String",

686

],

687

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

688

# its non-empty fields, each field must be false for the Condition overall to

689

# be satisfied. Defaults to false.

},

],

},

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

694

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

],

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

701

<pre>Retrieves the next page of results.

702

703

Args:

704

previous_request: The request for the previous page. (required)

705

previous_response: The response from the request for the previous page. (required)

706

707

Returns:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

708

A request object that you can call 'execute()' on to request the next

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

709

page. Returns None if there are no more items in the collection.

</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

714

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

715

<pre>Update an Access Level. The longrunning

716

operation from this RPC will have a successful status once the changes to

717

the Access Level have propagated

718

to long-lasting storage. Access Levels containing

719

errors will result in an error response for the first error encountered.

720

721

Args:

722

name: string, Required. Resource name for the Access Level. The `short_name` component

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

723

must begin with a letter and only include alphanumeric and '_'. Format:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

724

`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

725

// of the `short_name` component is 50 characters. (required)

726

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

727

The object takes the form of:

728

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

729

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

730

# services, along with a list of requirements necessary for the label to be

731

# applied.

732

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

733

# to represent the necessary conditions for the level to apply to a request.

734

# See CEL spec at: https://github.com/google/cel-spec

735

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

736

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

737

# are documented at https://github.com/google/cel-spec.

738

#

739

# Example (Comparison):

740

#

741

# title: "Summary size limit"

742

# description: "Determines if a summary is less than 100 chars"

743

# expression: "document.summary.size() < 100"

744

#

745

# Example (Equality):

746

#

747

# title: "Requestor is owner"

748

# description: "Determines if requestor is the document owner"

749

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

754

# description: "Determine whether the document should be publicly visible"

755

# expression: "document.type != 'private' && document.type != 'internal'"

756

#

757

# Example (Data Manipulation):

758

#

759

# title: "Notification string"

760

# description: "Create a notification string with a timestamp."

761

# expression: "'New message received at ' + string(document.create_time)"

762

#

763

# The exact variables and functions that may be referenced within an expression

764

# are determined by the service that evaluates it. See the service

765

# documentation for additional information.

766

"description": "A String", # Optional. Description of the expression. This is a longer text which

767

# describes the expression, e.g. when hovered over it in a UI.

768

"expression": "A String", # Textual representation of an expression in Common Expression Language

769

# syntax.

770

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

771

# its purpose. This can be used e.g. in UIs which allow to enter the

772

# expression.

773

"location": "A String", # Optional. String indicating the location of the expression for error

774

# reporting, e.g. a file name and a position in the file.

775

},

776

},

777

"title": "A String", # Human readable title. Must be unique within the Policy.

778

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

779

# must begin with a letter and only include alphanumeric and '_'. Format:

780

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

781

# // of the `short_name` component is 50 characters.

782

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

783

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

784

# granted this `AccessLevel`. If AND is used, each `Condition` in

785

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

786

# is used, at least one `Condition` in `conditions` must be satisfied for the

787

# `AccessLevel` to be applied. Default behavior is AND.

788

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

789

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

790

# AND over its fields. So a Condition is true if: 1) the request IP is from one

791

# of the listed subnetworks AND 2) the originating device complies with the

792

# listed device policy AND 3) all listed access levels are granted AND 4) the

793

# request was sent at a time allowed by the DateTimeRestriction.

794

"regions": [ # The request must originate from one of the provided countries/regions.

795

# Must be valid ISO 3166-1 alpha-2 codes.

796

"A String",

797

],

798

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

799

# resource name. Referencing an `AccessLevel` which does not exist is an

800

# error. All access levels listed must be granted for the Condition

801

# to be true. Example:

802

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

803

"A String",

804

],

805

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

806

# Condition to be true. If not specified, all devices are allowed.

807

# given access level. A `DevicePolicy` specifies requirements for requests from

808

# devices to be granted access levels, it does not do any enforcement on the

809

# device. `DevicePolicy` acts as an AND over all specified fields, and each

810

# repeated field is an OR over its elements. Any unset fields are ignored. For

811

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

812

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

813

# true for requests originating from encrypted Linux desktops and encrypted

814

# Windows desktops.

815

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

816

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

817

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

818

# Defaults to `false`.

819

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

820

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

821

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

822

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

823

# levels.

824

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

825

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

826

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

827

{ # A restriction on the OS type and version of devices making requests.

828

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

829

# satisfies the constraint. Format: `"major.minor.patch"`.

830

# Examples: `"10.5.301"`, `"9.2.1"`.

831

"osType": "A String", # Required. The allowed OS type.

832

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

833

# Verifications includes requirements that the device is enterprise-managed,

834

# conformant to domain policies, and the caller has permission to call

835

# the API targeted by the request.

836

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

837

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

838

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

839

"members": [ # The request must be made by one of the provided user or service

840

# accounts. Groups are not supported.

841

# Syntax:

842

# `user:{emailid}`

843

# `serviceAccount:{emailid}`

844

# If not specified, a request may come from any user.

845

"A String",

846

],

847

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

848

# a CIDR IP address block, the specified IP address portion must be properly

849

# truncated (i.e. all the host bits must be zero) or the input is considered

850

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

851

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

852

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

853

# the listed subnets in order for this Condition to be true. If empty, all IP

854

# addresses are allowed.

855

"A String",

856

],

857

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

858

# its non-empty fields, each field must be false for the Condition overall to

859

# be satisfied. Defaults to false.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

860

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

861

],

862

},

863

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

864

}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

865

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

866

updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

867

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

874

875

{ # This resource represents a long-running operation that is the result of a

876

# network API call.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

877

"response": { # The normal response of the operation in case of success. If the original

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

878

# method returns no data on success, such as `Delete`, the response is

879

# `google.protobuf.Empty`. If the original method is standard

880

# `Get`/`Create`/`Update`, the response should be the resource. For other

881

# methods, the response should have the type `XxxResponse`, where `Xxx`

882

# is the original method name. For example, if the original method name

883

# is `TakeSnapshot()`, the inferred response type is

884

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

885

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

886

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

887

"name": "A String", # The server-assigned name, which is only unique within the same service that

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

888

# originally returns it. If you use the default HTTP mapping, the

889

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim