Blame - docs/dyn/gameservices_v1beta.projects.locations.gameServerDeployments.html - platform/external/python/google-api-python-client

<h1><a href="gameservices_v1beta.html">Game Services API</a> . <a href="gameservices_v1beta.projects.html">projects</a> . <a href="gameservices_v1beta.projects.locations.html">locations</a> . <a href="gameservices_v1beta.projects.locations.gameServerDeployments.html">gameServerDeployments</a></h1>

76

<h2>Instance Methods</h2>

77

78

<code><a href="gameservices_v1beta.projects.locations.gameServerDeployments.configs.html">configs()</a></code>

79

</p>

80

<p class="firstline">Returns the configs Resource.</p>

81

82

83

<code><a href="#create">create(parent, body=None, deploymentId=None, x__xgafv=None)</a></code></p>

84

<p class="firstline">Creates a new game server deployment in a given project and location.</p>

85

86

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

87

<p class="firstline">Deletes a single game server deployment.</p>

88

89

<code><a href="#fetchDeploymentState">fetchDeploymentState(name, body=None, x__xgafv=None)</a></code></p>

90

<p class="firstline">Retrieves information about the current state of the game server</p>

91

92

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

93

<p class="firstline">Gets details of a single game server deployment.</p>

94

95

<code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>

96

<p class="firstline">Gets the access control policy for a resource.</p>

97

98

<code><a href="#getRollout">getRollout(name, x__xgafv=None)</a></code></p>

99

<p class="firstline">Gets details a single game server deployment rollout.</p>

100

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

101

<code><a href="#list">list(parent, pageToken=None, orderBy=None, pageSize=None, filter=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

102

<p class="firstline">Lists game server deployments in a given project and location.</p>

103

104

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

105

<p class="firstline">Retrieves the next page of results.</p>

106

107

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

108

<p class="firstline">Patches a game server deployment.</p>

109

110

<code><a href="#previewRollout">previewRollout(name, body=None, previewTime=None, updateMask=None, x__xgafv=None)</a></code></p>

111

<p class="firstline">Previews the game server deployment rollout. This API does not mutate the</p>

112

113

<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

114

<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>

115

116

<code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>

117

<p class="firstline">Returns permissions that a caller has on the specified resource.</p>

118

119

<code><a href="#updateRollout">updateRollout(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

120

<p class="firstline">Patches a single game server deployment rollout.</p>

121

<h3>Method Details</h3>

122

123

<code class="details" id="create">create(parent, body=None, deploymentId=None, x__xgafv=None)</code>

124

<pre>Creates a new game server deployment in a given project and location.

125

126

Args:

127

parent: string, Required. The parent resource name. Uses the form:

128

`projects/{project}/locations/{location}`. (required)

129

body: object, The request body.

130

The object takes the form of:

131

132

{ # A game server deployment resource.

133

"description": "A String", # Human readable description of the game server delpoyment.

134

"etag": "A String", # ETag of the resource.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

135

"createTime": "A String", # Output only. The creation time.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

136

"labels": { # The labels associated with this game server deployment. Each label is a

137

# key-value pair.

138

"a_key": "A String",

139

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

140

"updateTime": "A String", # Output only. The last-modified time.

141

"name": "A String", # The resource name of the game server deployment. Uses the form:

142

#

143

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

144

# For example,

145

#

146

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

147

}

148

149

deploymentId: string, Required. The ID of the game server delpoyment resource to be created.

150

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

157

158

{ # This resource represents a long-running operation that is the result of a

159

# network API call.

160

"done": True or False, # If the value is `false`, it means the operation is still in progress.

161

# If `true`, the operation is completed, and either `error` or `response` is

162

# available.

163

"response": { # The normal response of the operation in case of success. If the original

164

# method returns no data on success, such as `Delete`, the response is

165

# `google.protobuf.Empty`. If the original method is standard

166

# `Get`/`Create`/`Update`, the response should be the resource. For other

167

# methods, the response should have the type `XxxResponse`, where `Xxx`

168

# is the original method name. For example, if the original method name

169

# is `TakeSnapshot()`, the inferred response type is

170

# `TakeSnapshotResponse`.

171

"a_key": "", # Properties of the object. Contains field @type with type URL.

172

},

173

"name": "A String", # The server-assigned name, which is only unique within the same service that

174

# originally returns it. If you use the default HTTP mapping, the

175

# `name` should be a resource name ending with `operations/{unique_id}`.

176

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

177

# different programming environments, including REST APIs and RPC APIs. It is

178

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

179

# three pieces of data: error code, error message, and error details.

180

#

181

# You can find out more about this error model and how to work with it in the

182

# [API Design Guide](https://cloud.google.com/apis/design/errors).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

183

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

184

"message": "A String", # A developer-facing error message, which should be in English. Any

185

# user-facing error message should be localized and sent in the

186

# google.rpc.Status.details field, or localized by the client.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

187

"details": [ # A list of messages that carry the error details. There is a common set of

188

# message types for APIs to use.

189

{

190

"a_key": "", # Properties of the object. Contains field @type with type URL.

191

},

192

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

193

},

194

"metadata": { # Service-specific metadata associated with the operation. It typically

195

# contains progress information and common metadata such as create time.

196

# Some services might not provide such metadata. Any method that returns a

197

# long-running operation should document the metadata type, if any.

198

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

205

<pre>Deletes a single game server deployment.

206

207

Args:

208

name: string, Required. The name of the game server delpoyment to delete. Uses the form:

209

210

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`. (required)

211

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

218

219

{ # This resource represents a long-running operation that is the result of a

220

# network API call.

221

"done": True or False, # If the value is `false`, it means the operation is still in progress.

222

# If `true`, the operation is completed, and either `error` or `response` is

223

# available.

224

"response": { # The normal response of the operation in case of success. If the original

225

# method returns no data on success, such as `Delete`, the response is

226

# `google.protobuf.Empty`. If the original method is standard

227

# `Get`/`Create`/`Update`, the response should be the resource. For other

228

# methods, the response should have the type `XxxResponse`, where `Xxx`

229

# is the original method name. For example, if the original method name

230

# is `TakeSnapshot()`, the inferred response type is

231

# `TakeSnapshotResponse`.

232

"a_key": "", # Properties of the object. Contains field @type with type URL.

233

},

234

"name": "A String", # The server-assigned name, which is only unique within the same service that

235

# originally returns it. If you use the default HTTP mapping, the

236

# `name` should be a resource name ending with `operations/{unique_id}`.

237

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

238

# different programming environments, including REST APIs and RPC APIs. It is

239

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

240

# three pieces of data: error code, error message, and error details.

241

#

242

# You can find out more about this error model and how to work with it in the

243

# [API Design Guide](https://cloud.google.com/apis/design/errors).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

244

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

245

"message": "A String", # A developer-facing error message, which should be in English. Any

246

# user-facing error message should be localized and sent in the

247

# google.rpc.Status.details field, or localized by the client.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

248

"details": [ # A list of messages that carry the error details. There is a common set of

249

# message types for APIs to use.

250

{

251

"a_key": "", # Properties of the object. Contains field @type with type URL.

252

},

253

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

254

},

255

"metadata": { # Service-specific metadata associated with the operation. It typically

256

# contains progress information and common metadata such as create time.

257

# Some services might not provide such metadata. Any method that returns a

258

# long-running operation should document the metadata type, if any.

259

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

}</pre>

</div>

<code class="details" id="fetchDeploymentState">fetchDeploymentState(name, body=None, x__xgafv=None)</code>

266

<pre>Retrieves information about the current state of the game server

267

deployment. Gathers all the Agones fleets and Agones autoscalers,

268

including fleets running an older version of the game server deployment.

269

270

Args:

271

name: string, Required. The name of the game server delpoyment. Uses the form:

272

273

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`. (required)

274

body: object, The request body.

275

The object takes the form of:

276

277

{ # Request message for GameServerDeploymentsService.FetchDeploymentState.

278

}

279

280

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

287

288

{ # Response message for GameServerDeploymentsService.FetchDeploymentState.

289

"unavailable": [ # List of locations that could not be reached.

290

"A String",

291

],

292

"clusterState": [ # The state of the game server deployment in each game server cluster.

293

{ # The game server cluster changes made by the game server deployment.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

294

"cluster": "A String", # The name of the cluster.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

295

"fleetDetails": [ # The details about the Agones fleets and autoscalers created in the

296

# game server cluster.

297

{ # Details of the deployed Agones fleet.

298

"deployedAutoscaler": { # Details about the Agones autoscaler. # Information about the Agones autoscaler for that fleet.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

299

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # The source spec that is used to create the autoscaler.

300

# The GameServerConfig resource may no longer exist in the system.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

301

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

302

# the Agones fleet or Agones autoscaler spec.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

303

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

304

#

305

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

306

},

307

"fleetAutoscalerSpec": "A String", # The autoscaler spec retrieved from Agones.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

308

"autoscaler": "A String", # The name of the Agones autoscaler.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

309

},

310

"deployedFleet": { # Agones fleet specification and details. # Information about the Agones fleet.

311

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # The source spec that is used to create the Agones fleet.

312

# The GameServerConfig resource may no longer exist in the system.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

313

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

314

# the Agones fleet or Agones autoscaler spec.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

315

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

316

#

317

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

318

},

319

"fleetSpec": "A String", # The fleet spec retrieved from the Agones fleet.

320

"fleet": "A String", # The name of the Agones fleet.

321

"status": { # DeployedFleetStatus has details about the Agones fleets such as how many # The current status of the Agones fleet.

322

# Includes count of game servers in various states.

323

# are running, how many allocated, and so on.

324

"replicas": "A String", # The total number of current GameServer replicas in this fleet.

325

"readyReplicas": "A String", # The number of GameServer replicas in the READY state in this fleet.

326

"allocatedReplicas": "A String", # The number of GameServer replicas in the ALLOCATED state in this fleet.

327

"reservedReplicas": "A String", # The number of GameServer replicas in the RESERVED state in this fleet.

328

# Reserved instances won't be deleted on scale down, but won't cause

329

# an autoscaler to scale up.

},

},

},

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

],

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

341

<pre>Gets details of a single game server deployment.

342

343

Args:

344

name: string, Required. The name of the game server delpoyment to retrieve. Uses the form:

345

346

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`. (required)

347

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

354

355

{ # A game server deployment resource.

356

"description": "A String", # Human readable description of the game server delpoyment.

357

"etag": "A String", # ETag of the resource.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

358

"createTime": "A String", # Output only. The creation time.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

359

"labels": { # The labels associated with this game server deployment. Each label is a

360

# key-value pair.

361

"a_key": "A String",

362

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

363

"updateTime": "A String", # Output only. The last-modified time.

364

"name": "A String", # The resource name of the game server deployment. Uses the form:

365

#

366

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

367

# For example,

368

#

369

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

}</pre>

</div>

<code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>

375

<pre>Gets the access control policy for a resource.

376

Returns an empty policy if the resource exists and does not have a policy

set.

Args:

resource: string, REQUIRED: The resource for which the policy is being requested.

381

See the operation documentation for the appropriate value for this field. (required)

382

options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.

383

384

Valid values are 0, 1, and 3. Requests specifying an invalid value will be

385

rejected.

386

387

Requests for policies with any conditional bindings must specify version 3.

388

Policies without any conditional bindings may specify any valid value or

389

leave the field unset.

390

391

To learn which resources support conditions in their IAM policies, see the

392

[IAM

393

documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

394

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

401

402

{ # An Identity and Access Management (IAM) policy, which specifies access

403

# controls for Google Cloud resources.

404

#

405

#

406

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

407

# `members` to a single `role`. Members can be user accounts, service accounts,

408

# Google groups, and domains (such as G Suite). A `role` is a named list of

409

# permissions; each `role` can be an IAM predefined role or a user-created

410

# custom role.

411

#

412

# For some types of Google Cloud resources, a `binding` can also specify a

413

# `condition`, which is a logical expression that allows access to a resource

414

# only if the expression evaluates to `true`. A condition can add constraints

415

# based on attributes of the request, the resource, or both. To learn which

416

# resources support conditions in their IAM policies, see the

417

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

425

# "members": [

426

# "user:mike@example.com",

427

# "group:admins@example.com",

428

# "domain:google.com",

429

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

434

# "members": [

435

# "user:eve@example.com"

436

# ],

437

# "condition": {

438

# "title": "expirable access",

439

# "description": "Does not grant access after Sep 2020",

440

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

453

# - group:admins@example.com

454

# - domain:google.com

455

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

456

# role: roles/resourcemanager.organizationAdmin

457

# - members:

458

# - user:eve@example.com

459

# role: roles/resourcemanager.organizationViewer

460

# condition:

461

# title: expirable access

462

# description: Does not grant access after Sep 2020

463

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

464

# - etag: BwWWja0YfJA=

465

# - version: 3

466

#

467

# For a description of IAM and its features, see the

468

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

469

"iamOwned": True or False,

470

"rules": [ # If more than one rule is specified, the rules are applied in the following

471

# manner:

472

# - All matching LOG rules are always applied.

473

# - If any DENY/DENY_WITH_LOG rule matches, permission is denied.

474

# Logging will be applied if one or more matching rule requires logging.

475

# - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is

476

# granted.

477

# Logging will be applied if one or more matching rule requires logging.

478

# - Otherwise, if no rule applies, permission is denied.

479

{ # A rule to be applied in a Policy.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

480

"conditions": [ # Additional restrictions that must be met. All conditions must pass for the

481

# rule to match.

482

{ # A condition to be met.

483

"svc": "A String", # Trusted attributes discharged by the service.

484

"iam": "A String", # Trusted attributes supplied by the IAM system.

485

"values": [ # The objects of the condition.

486

"A String",

487

],

488

"sys": "A String", # Trusted attributes supplied by any service that owns resources and uses

489

# the IAM system for access control.

490

"op": "A String", # An operator to apply the subject with.

491

},

492

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

493

"logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries

494

# that match the LOG action.

495

{ # Specifies what kind of log the caller must write

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

496

"dataAccess": { # Write a Data Access (Gin) log # Data access options.

497

"logMode": "A String",

498

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

499

"cloudAudit": { # Write a Cloud Audit log # Cloud audit options.

500

"logName": "A String", # The log_name to populate in the Cloud Audit Record.

501

"authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.

502

"permissionType": "A String", # The type of the permission that was checked.

503

},

504

},

505

"counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.

506

#

507

# Metric names should start with a '/', generally be lowercase-only,

508

# and end in "_count". Field names should not contain an initial slash.

509

# The actual exported metric names will have "/iam/policy" prepended.

510

#

511

# Field names correspond to IAM request parameters and field values are

512

# their respective values.

513

#

514

# Supported field names:

515

# - "authority", which is "[token]" if IAMContext.token is present,

516

# otherwise the value of IAMContext.authority_selector if present, and

517

# otherwise a representation of IAMContext.principal; or

518

# - "iam_principal", a representation of IAMContext.principal even if a

519

# token or authority selector is present; or

520

# - "" (empty string), resulting in a counter with no fields.

521

#

522

# Examples:

523

# counter { metric: "/debug_access_count" field: "iam_principal" }

524

# ==> increment counter /iam/policy/debug_access_count

525

# {iam_principal=[value of IAMContext.principal]}

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

526

"customFields": [ # Custom fields.

527

{ # Custom fields.

528

# These can be used to create a counter with arbitrary field/value

529

# pairs.

530

# See: go/rpcsp-custom-fields.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

531

"name": "A String", # Name is the field name.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

532

"value": "A String", # Value is the field value. It is important that in contrast to the

533

# CounterOptions.field, the value here is a constant that is not

534

# derived from the IAMContext.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

535

},

536

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

537

"metric": "A String", # The metric to update.

538

"field": "A String", # The field value to attribute.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

},

],

"in": [ # If one or more 'in' clauses are specified, the rule matches if

543

# the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.

544

"A String",

545

],

546

"permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'

547

# (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,

548

# and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.

549

"A String",

550

],

551

"action": "A String", # Required

552

"notIn": [ # If one or more 'not_in' clauses are specified, the rule matches

553

# if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.

554

# The format for in and not_in entries can be found at in the Local IAM

555

# documentation (see go/local-iam#features).

556

"A String",

557

],

558

"description": "A String", # Human-readable description of the rule.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

559

},

560

],

561

"version": 42, # Specifies the format of the policy.

562

#

563

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

564

# are rejected.

565

#

566

# Any operation that affects conditional role bindings must specify version

567

# `3`. This requirement applies to the following operations:

568

#

569

# * Getting a policy that includes a conditional role binding

570

# * Adding a conditional role binding to a policy

571

# * Changing a conditional role binding in a policy

572

# * Removing any role binding, with or without a condition, from a policy

573

# that includes conditions

574

#

575

# **Important:** If you use IAM Conditions, you must include the `etag` field

576

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

577

# you to overwrite a version `3` policy with a version `1` policy, and all of

578

# the conditions in the version `3` policy are lost.

579

#

580

# If a policy does not include any conditions, operations on that policy may

581

# specify any valid version or leave the field unset.

582

#

583

# To learn which resources support conditions in their IAM policies, see the

584

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

585

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

586

{ # Specifies the audit configuration for a service.

587

# The configuration determines which permission types are logged, and what

588

# identities, if any, are exempted from logging.

589

# An AuditConfig must have one or more AuditLogConfigs.

590

#

591

# If there are AuditConfigs for both `allServices` and a specific service,

592

# the union of the two AuditConfigs is used for that service: the log_types

593

# specified in each AuditConfig are enabled, and the exempted_members in each

594

# AuditLogConfig are exempted.

595

#

596

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices"

602

# "audit_log_configs": [

603

# {

604

# "log_type": "DATA_READ",

605

# "exempted_members": [

606

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

611

# },

612

# {

613

# "log_type": "ADMIN_READ",

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com"

619

# "audit_log_configs": [

620

# {

621

# "log_type": "DATA_READ",

622

# },

623

# {

624

# "log_type": "DATA_WRITE",

625

# "exempted_members": [

626

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

635

# logging. It also exempts jose@example.com from DATA_READ logging, and

636

# aliya@example.com from DATA_WRITE logging.

637

"service": "A String", # Specifies a service that will be enabled for audit logging.

638

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

639

# `allServices` is a special value that covers all services.

640

"auditLogConfigs": [ # The configuration for logging of each type of permission.

641

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

646

# {

647

# "log_type": "DATA_READ",

648

# "exempted_members": [

649

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

659

# jose@example.com from DATA_READ logging.

660

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

661

# permission.

662

# Follows the same format of Binding.members.

663

"A String",

664

],

665

"logType": "A String", # The log type that this config enables.

666

"ignoreChildExemptions": True or False,

},

],

"exemptedMembers": [

"A String",

],

},

],

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

675

# `condition` that determines how and when the `bindings` are applied. Each

676

# of the `bindings` must contain at least one member.

677

{ # Associates `members` with a `role`.

678

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

679

#

680

# If the condition evaluates to `true`, then this binding applies to the

681

# current request.

682

#

683

# If the condition evaluates to `false`, then this binding does not apply to

684

# the current request. However, a different role binding might grant the same

685

# role to one or more of the members in this binding.

686

#

687

# To learn which resources support conditions in their IAM policies, see the

688

# [IAM

689

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

690

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

691

# are documented at https://github.com/google/cel-spec.

692

#

693

# Example (Comparison):

694

#

695

# title: "Summary size limit"

696

# description: "Determines if a summary is less than 100 chars"

697

# expression: "document.summary.size() < 100"

698

#

699

# Example (Equality):

700

#

701

# title: "Requestor is owner"

702

# description: "Determines if requestor is the document owner"

703

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

708

# description: "Determine whether the document should be publicly visible"

709

# expression: "document.type != 'private' && document.type != 'internal'"

710

#

711

# Example (Data Manipulation):

712

#

713

# title: "Notification string"

714

# description: "Create a notification string with a timestamp."

715

# expression: "'New message received at ' + string(document.create_time)"

716

#

717

# The exact variables and functions that may be referenced within an expression

718

# are determined by the service that evaluates it. See the service

719

# documentation for additional information.

720

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

721

# its purpose. This can be used e.g. in UIs which allow to enter the

722

# expression.

723

"location": "A String", # Optional. String indicating the location of the expression for error

724

# reporting, e.g. a file name and a position in the file.

725

"description": "A String", # Optional. Description of the expression. This is a longer text which

726

# describes the expression, e.g. when hovered over it in a UI.

727

"expression": "A String", # Textual representation of an expression in Common Expression Language

728

# syntax.

729

},

730

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

731

# `members` can have the following values:

732

#

733

# * `allUsers`: A special identifier that represents anyone who is

734

# on the internet; with or without a Google account.

735

#

736

# * `allAuthenticatedUsers`: A special identifier that represents anyone

737

# who is authenticated with a Google account or a service account.

738

#

739

# * `user:{emailid}`: An email address that represents a specific Google

740

# account. For example, `alice@example.com` .

741

#

742

#

743

# * `serviceAccount:{emailid}`: An email address that represents a service

744

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

745

#

746

# * `group:{emailid}`: An email address that represents a Google group.

747

# For example, `admins@example.com`.

748

#

749

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

750

# identifier) representing a user that has been recently deleted. For

751

# example, `alice@example.com?uid=123456789012345678901`. If the user is

752

# recovered, this value reverts to `user:{emailid}` and the recovered user

753

# retains the role in the binding.

754

#

755

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

756

# unique identifier) representing a service account that has been recently

757

# deleted. For example,

758

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

759

# If the service account is undeleted, this value reverts to

760

# `serviceAccount:{emailid}` and the undeleted service account retains the

761

# role in the binding.

762

#

763

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

764

# identifier) representing a Google group that has been recently

765

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

766

# the group is recovered, this value reverts to `group:{emailid}` and the

767

# recovered group retains the role in the binding.

768

#

769

#

770

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

771

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"role": "A String", # Role that is assigned to `members`.

776

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

777

},

778

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

779

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

780

# prevent simultaneous updates of a policy from overwriting each other.

781

# It is strongly suggested that systems make use of the `etag` in the

782

# read-modify-write cycle to perform policy updates in order to avoid race

783

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

784

# systems are expected to put that etag in the request to `setIamPolicy` to

785

# ensure that their change will be applied to the same version of the policy.

786

#

787

# **Important:** If you use IAM Conditions, you must include the `etag` field

788

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

789

# you to overwrite a version `3` policy with a version `1` policy, and all of

790

# the conditions in the version `3` policy are lost.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="getRollout">getRollout(name, x__xgafv=None)</code>

796

<pre>Gets details a single game server deployment rollout.

797

798

Args:

799

name: string, Required. The name of the game server delpoyment to retrieve. Uses the form:

800

801

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`. (required)

802

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

809

810

{ # The game server deployment rollout which represents the desired rollout

811

# state.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

812

"defaultGameServerConfig": "A String", # The default game server config is applied to all realms unless overridden

813

# in the rollout. For example,

814

#

815

# `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

816

"etag": "A String", # ETag of the resource.

817

"createTime": "A String", # Output only. The creation time.

818

"updateTime": "A String", # Output only. The last-modified time.

819

"name": "A String", # The resource name of the game server deployment rollout. Uses the form:

820

#

821

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

822

# For example,

823

#

824

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`.

825

"gameServerConfigOverrides": [ # Contains the game server config rollout overrides. Overrides are processed

826

# in the order they are listed. Once a match is found for a realm, the rest

827

# of the list is not processed.

828

{ # A game server config override.

829

"realmsSelector": { # The realm selector, used to match realm resources. # Selector for choosing applicable realms.

830

"realms": [ # List of realms to match.

"A String",

],

},

"configVersion": "A String", # The game server config for this override.

835

},

836

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame^]

841

<code class="details" id="list">list(parent, pageToken=None, orderBy=None, pageSize=None, filter=None, x__xgafv=None)</code>

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

842

<pre>Lists game server deployments in a given project and location.

843

844

Args:

845

parent: string, Required. The parent resource name. Uses the form:

846

`projects/{project}/locations/{location}`. (required)

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

847

pageToken: string, Optional. The next_page_token value returned from a previous List request,

848

if any.

849

orderBy: string, Optional. Specifies the ordering of results following syntax at

850

https://cloud.google.com/apis/design/design_patterns#sorting_order.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

851

pageSize: integer, Optional. The maximum number of items to return. If unspecified, the server

852

will pick an appropriate default. The server may return fewer items than

853

requested. A caller should only rely on response's

854

next_page_token to

855

determine if there are more GameServerDeployments left to be queried.

856

filter: string, Optional. The filter to apply to list results.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

857

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

864

865

{ # Response message for GameServerDeploymentsService.ListGameServerDeployments.

866

"nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more

867

# results in the list.

868

"gameServerDeployments": [ # The list of game server deployments.

869

{ # A game server deployment resource.

870

"description": "A String", # Human readable description of the game server delpoyment.

871

"etag": "A String", # ETag of the resource.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

872

"createTime": "A String", # Output only. The creation time.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

873

"labels": { # The labels associated with this game server deployment. Each label is a

874

# key-value pair.

875

"a_key": "A String",

876

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

877

"updateTime": "A String", # Output only. The last-modified time.

878

"name": "A String", # The resource name of the game server deployment. Uses the form:

879

#

880

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

881

# For example,

882

#

883

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

884

},

885

],

886

"unreachable": [ # List of locations that could not be reached.

"A String",

],

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

894

<pre>Retrieves the next page of results.

895

896

Args:

897

previous_request: The request for the previous page. (required)

898

previous_response: The response from the request for the previous page. (required)

899

900

Returns:

901

A request object that you can call 'execute()' on to request the next

902

page. Returns None if there are no more items in the collection.

</pre>

</div>

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

908

<pre>Patches a game server deployment.

909

910

Args:

911

name: string, The resource name of the game server deployment. Uses the form:

912

913

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

914

For example,

915

916

`projects/my-project/locations/{location}/gameServerDeployments/my-deployment`. (required)

917

body: object, The request body.

918

The object takes the form of:

919

920

{ # A game server deployment resource.

921

"description": "A String", # Human readable description of the game server delpoyment.

922

"etag": "A String", # ETag of the resource.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

923

"createTime": "A String", # Output only. The creation time.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

924

"labels": { # The labels associated with this game server deployment. Each label is a

925

# key-value pair.

926

"a_key": "A String",

927

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

928

"updateTime": "A String", # Output only. The last-modified time.

929

"name": "A String", # The resource name of the game server deployment. Uses the form:

930

#

931

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

932

# For example,

933

#

934

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

935

}

936

937

updateMask: string, Required. Mask of fields to update. At least one path must be supplied in

938

this field. For the `FieldMask` definition, see

939

940

https:

941

//developers.google.com/protocol-buffers

942

// /docs/reference/google.protobuf#fieldmask

943

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

950

951

{ # This resource represents a long-running operation that is the result of a

952

# network API call.

953

"done": True or False, # If the value is `false`, it means the operation is still in progress.

954

# If `true`, the operation is completed, and either `error` or `response` is

955

# available.

956

"response": { # The normal response of the operation in case of success. If the original

957

# method returns no data on success, such as `Delete`, the response is

958

# `google.protobuf.Empty`. If the original method is standard

959

# `Get`/`Create`/`Update`, the response should be the resource. For other

960

# methods, the response should have the type `XxxResponse`, where `Xxx`

961

# is the original method name. For example, if the original method name

962

# is `TakeSnapshot()`, the inferred response type is

963

# `TakeSnapshotResponse`.

964

"a_key": "", # Properties of the object. Contains field @type with type URL.

965

},

966

"name": "A String", # The server-assigned name, which is only unique within the same service that

967

# originally returns it. If you use the default HTTP mapping, the

968

# `name` should be a resource name ending with `operations/{unique_id}`.

969

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

970

# different programming environments, including REST APIs and RPC APIs. It is

971

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

972

# three pieces of data: error code, error message, and error details.

973

#

974

# You can find out more about this error model and how to work with it in the

975

# [API Design Guide](https://cloud.google.com/apis/design/errors).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

976

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

977

"message": "A String", # A developer-facing error message, which should be in English. Any

978

# user-facing error message should be localized and sent in the

979

# google.rpc.Status.details field, or localized by the client.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

980

"details": [ # A list of messages that carry the error details. There is a common set of

981

# message types for APIs to use.

982

{

983

"a_key": "", # Properties of the object. Contains field @type with type URL.

984

},

985

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

986

},

987

"metadata": { # Service-specific metadata associated with the operation. It typically

988

# contains progress information and common metadata such as create time.

989

# Some services might not provide such metadata. Any method that returns a

990

# long-running operation should document the metadata type, if any.

991

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

}</pre>

</div>

<code class="details" id="previewRollout">previewRollout(name, body=None, previewTime=None, updateMask=None, x__xgafv=None)</code>

998

<pre>Previews the game server deployment rollout. This API does not mutate the

rollout resource.

Args:

name: string, The resource name of the game server deployment rollout. Uses the form:

1003

1004

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1005

For example,

1006

1007

`projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`. (required)

1008

body: object, The request body.

1009

The object takes the form of:

1010

1011

{ # The game server deployment rollout which represents the desired rollout

1012

# state.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1013

"defaultGameServerConfig": "A String", # The default game server config is applied to all realms unless overridden

1014

# in the rollout. For example,

1015

#

1016

# `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1017

"etag": "A String", # ETag of the resource.

1018

"createTime": "A String", # Output only. The creation time.

1019

"updateTime": "A String", # Output only. The last-modified time.

1020

"name": "A String", # The resource name of the game server deployment rollout. Uses the form:

1021

#

1022

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1023

# For example,

1024

#

1025

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`.

1026

"gameServerConfigOverrides": [ # Contains the game server config rollout overrides. Overrides are processed

1027

# in the order they are listed. Once a match is found for a realm, the rest

1028

# of the list is not processed.

1029

{ # A game server config override.

1030

"realmsSelector": { # The realm selector, used to match realm resources. # Selector for choosing applicable realms.

1031

"realms": [ # List of realms to match.

"A String",

],

},

"configVersion": "A String", # The game server config for this override.

1036

},

1037

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1038

}

1039

1040

previewTime: string, Optional. The target timestamp to compute the preview. Defaults to the immediately

1041

after the proposed rollout completes.

1042

updateMask: string, Optional. Mask of fields to update. At least one path must be supplied in

1043

this field. For the `FieldMask` definition, see

1044

1045

https:

1046

//developers.google.com/protocol-buffers

1047

// /docs/reference/google.protobuf#fieldmask

1048

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1055

1056

{ # Response message for PreviewGameServerDeploymentRollout.

1057

# This has details about the Agones fleet and autoscaler to be actuated.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1058

"unavailable": [ # Locations that could not be reached on this request.

1059

"A String",

1060

],

1061

"targetState": { # Encapsulates the Target state. # The target state.

1062

"details": [ # Details about Agones fleets.

1063

{ # Details about the Agones resources.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1064

"gameServerDeploymentName": "A String", # The game server deployment name. Uses the form:

1065

#

1066

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}`.

1067

"fleetDetails": [ # Agones fleet details for game server clusters and game server deployments.

1068

{ # Details of the target Agones fleet.

1069

"autoscaler": { # Target Agones autoscaler policy reference. # Reference to target Agones fleet autoscaling policy.

1070

"name": "A String", # The name of the Agones autoscaler.

1071

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # Encapsulates the source of the Agones fleet spec.

1072

# Details about the Agones autoscaler spec.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1073

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

1074

# the Agones fleet or Agones autoscaler spec.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1075

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

1076

#

1077

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1078

},

1079

},

1080

"fleet": { # Target Agones fleet specification. # Reference to target Agones fleet.

1081

"name": "A String", # The name of the Agones fleet.

1082

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # Encapsulates the source of the Agones fleet spec.

1083

# The Agones fleet spec source.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1084

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

1085

# the Agones fleet or Agones autoscaler spec.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1086

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

1087

#

1088

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

},

},

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1093

"gameServerClusterName": "A String", # The game server cluster name. Uses the form:

1094

#

1095

# `projects/{project}/locations/{location}/realms/{realm}/gameServerClusters/{cluster}`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1096

},

1097

],

1098

},

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1099

"etag": "A String", # ETag of the game server deployment.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>

1105

<pre>Sets the access control policy on the specified resource. Replaces any

1106

existing policy.

1107

1108

Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

1109

1110

Args:

1111

resource: string, REQUIRED: The resource for which the policy is being specified.

1112

See the operation documentation for the appropriate value for this field. (required)

1113

body: object, The request body.

1114

The object takes the form of:

1115

1116

{ # Request message for `SetIamPolicy` method.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1117

"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only

1118

# the fields in the mask will be modified. If no mask is provided, the

1119

# following default mask is used:

1120

#

1121

# `paths: "bindings, etag"`

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1122

"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of

1123

# the policy is limited to a few 10s of KB. An empty policy is a

1124

# valid policy but certain Cloud Platform services (such as Projects)

1125

# might reject them.

1126

# controls for Google Cloud resources.

1127

#

1128

#

1129

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1130

# `members` to a single `role`. Members can be user accounts, service accounts,

1131

# Google groups, and domains (such as G Suite). A `role` is a named list of

1132

# permissions; each `role` can be an IAM predefined role or a user-created

1133

# custom role.

1134

#

1135

# For some types of Google Cloud resources, a `binding` can also specify a

1136

# `condition`, which is a logical expression that allows access to a resource

1137

# only if the expression evaluates to `true`. A condition can add constraints

1138

# based on attributes of the request, the resource, or both. To learn which

1139

# resources support conditions in their IAM policies, see the

1140

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

1148

# "members": [

1149

# "user:mike@example.com",

1150

# "group:admins@example.com",

1151

# "domain:google.com",

1152

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

1157

# "members": [

1158

# "user:eve@example.com"

1159

# ],

1160

# "condition": {

1161

# "title": "expirable access",

1162

# "description": "Does not grant access after Sep 2020",

1163

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

1176

# - group:admins@example.com

1177

# - domain:google.com

1178

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1179

# role: roles/resourcemanager.organizationAdmin

1180

# - members:

1181

# - user:eve@example.com

1182

# role: roles/resourcemanager.organizationViewer

1183

# condition:

1184

# title: expirable access

1185

# description: Does not grant access after Sep 2020

1186

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

1187

# - etag: BwWWja0YfJA=

1188

# - version: 3

1189

#

1190

# For a description of IAM and its features, see the

1191

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1192

"iamOwned": True or False,

1193

"rules": [ # If more than one rule is specified, the rules are applied in the following

1194

# manner:

1195

# - All matching LOG rules are always applied.

1196

# - If any DENY/DENY_WITH_LOG rule matches, permission is denied.

1197

# Logging will be applied if one or more matching rule requires logging.

1198

# - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is

1199

# granted.

1200

# Logging will be applied if one or more matching rule requires logging.

1201

# - Otherwise, if no rule applies, permission is denied.

1202

{ # A rule to be applied in a Policy.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1203

"conditions": [ # Additional restrictions that must be met. All conditions must pass for the

1204

# rule to match.

1205

{ # A condition to be met.

1206

"svc": "A String", # Trusted attributes discharged by the service.

1207

"iam": "A String", # Trusted attributes supplied by the IAM system.

1208

"values": [ # The objects of the condition.

1209

"A String",

1210

],

1211

"sys": "A String", # Trusted attributes supplied by any service that owns resources and uses

1212

# the IAM system for access control.

1213

"op": "A String", # An operator to apply the subject with.

1214

},

1215

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1216

"logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries

1217

# that match the LOG action.

1218

{ # Specifies what kind of log the caller must write

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1219

"dataAccess": { # Write a Data Access (Gin) log # Data access options.

1220

"logMode": "A String",

1221

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1222

"cloudAudit": { # Write a Cloud Audit log # Cloud audit options.

1223

"logName": "A String", # The log_name to populate in the Cloud Audit Record.

1224

"authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.

1225

"permissionType": "A String", # The type of the permission that was checked.

1226

},

1227

},

1228

"counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.

1229

#

1230

# Metric names should start with a '/', generally be lowercase-only,

1231

# and end in "_count". Field names should not contain an initial slash.

1232

# The actual exported metric names will have "/iam/policy" prepended.

1233

#

1234

# Field names correspond to IAM request parameters and field values are

1235

# their respective values.

1236

#

1237

# Supported field names:

1238

# - "authority", which is "[token]" if IAMContext.token is present,

1239

# otherwise the value of IAMContext.authority_selector if present, and

1240

# otherwise a representation of IAMContext.principal; or

1241

# - "iam_principal", a representation of IAMContext.principal even if a

1242

# token or authority selector is present; or

1243

# - "" (empty string), resulting in a counter with no fields.

1244

#

1245

# Examples:

1246

# counter { metric: "/debug_access_count" field: "iam_principal" }

1247

# ==> increment counter /iam/policy/debug_access_count

1248

# {iam_principal=[value of IAMContext.principal]}

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1249

"customFields": [ # Custom fields.

1250

{ # Custom fields.

1251

# These can be used to create a counter with arbitrary field/value

1252

# pairs.

1253

# See: go/rpcsp-custom-fields.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1254

"name": "A String", # Name is the field name.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1255

"value": "A String", # Value is the field value. It is important that in contrast to the

1256

# CounterOptions.field, the value here is a constant that is not

1257

# derived from the IAMContext.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1258

},

1259

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1260

"metric": "A String", # The metric to update.

1261

"field": "A String", # The field value to attribute.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

},

],

"in": [ # If one or more 'in' clauses are specified, the rule matches if

1266

# the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.

1267

"A String",

1268

],

1269

"permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'

1270

# (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,

1271

# and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.

1272

"A String",

1273

],

1274

"action": "A String", # Required

1275

"notIn": [ # If one or more 'not_in' clauses are specified, the rule matches

1276

# if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.

1277

# The format for in and not_in entries can be found at in the Local IAM

1278

# documentation (see go/local-iam#features).

1279

"A String",

1280

],

1281

"description": "A String", # Human-readable description of the rule.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1282

},

1283

],

1284

"version": 42, # Specifies the format of the policy.

1285

#

1286

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1287

# are rejected.

1288

#

1289

# Any operation that affects conditional role bindings must specify version

1290

# `3`. This requirement applies to the following operations:

1291

#

1292

# * Getting a policy that includes a conditional role binding

1293

# * Adding a conditional role binding to a policy

1294

# * Changing a conditional role binding in a policy

1295

# * Removing any role binding, with or without a condition, from a policy

1296

# that includes conditions

1297

#

1298

# **Important:** If you use IAM Conditions, you must include the `etag` field

1299

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1300

# you to overwrite a version `3` policy with a version `1` policy, and all of

1301

# the conditions in the version `3` policy are lost.

1302

#

1303

# If a policy does not include any conditions, operations on that policy may

1304

# specify any valid version or leave the field unset.

1305

#

1306

# To learn which resources support conditions in their IAM policies, see the

1307

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1308

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1309

{ # Specifies the audit configuration for a service.

1310

# The configuration determines which permission types are logged, and what

1311

# identities, if any, are exempted from logging.

1312

# An AuditConfig must have one or more AuditLogConfigs.

1313

#

1314

# If there are AuditConfigs for both `allServices` and a specific service,

1315

# the union of the two AuditConfigs is used for that service: the log_types

1316

# specified in each AuditConfig are enabled, and the exempted_members in each

1317

# AuditLogConfig are exempted.

1318

#

1319

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices"

1325

# "audit_log_configs": [

1326

# {

1327

# "log_type": "DATA_READ",

1328

# "exempted_members": [

1329

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

1334

# },

1335

# {

1336

# "log_type": "ADMIN_READ",

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com"

1342

# "audit_log_configs": [

1343

# {

1344

# "log_type": "DATA_READ",

1345

# },

1346

# {

1347

# "log_type": "DATA_WRITE",

1348

# "exempted_members": [

1349

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1358

# logging. It also exempts jose@example.com from DATA_READ logging, and

1359

# aliya@example.com from DATA_WRITE logging.

1360

"service": "A String", # Specifies a service that will be enabled for audit logging.

1361

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1362

# `allServices` is a special value that covers all services.

1363

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1364

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1369

# {

1370

# "log_type": "DATA_READ",

1371

# "exempted_members": [

1372

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1382

# jose@example.com from DATA_READ logging.

1383

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1384

# permission.

1385

# Follows the same format of Binding.members.

1386

"A String",

1387

],

1388

"logType": "A String", # The log type that this config enables.

1389

"ignoreChildExemptions": True or False,

},

],

"exemptedMembers": [

"A String",

],

},

],

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

1398

# `condition` that determines how and when the `bindings` are applied. Each

1399

# of the `bindings` must contain at least one member.

1400

{ # Associates `members` with a `role`.

1401

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1402

#

1403

# If the condition evaluates to `true`, then this binding applies to the

1404

# current request.

1405

#

1406

# If the condition evaluates to `false`, then this binding does not apply to

1407

# the current request. However, a different role binding might grant the same

1408

# role to one or more of the members in this binding.

1409

#

1410

# To learn which resources support conditions in their IAM policies, see the

1411

# [IAM

1412

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1413

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1414

# are documented at https://github.com/google/cel-spec.

1415

#

1416

# Example (Comparison):

1417

#

1418

# title: "Summary size limit"

1419

# description: "Determines if a summary is less than 100 chars"

1420

# expression: "document.summary.size() < 100"

1421

#

1422

# Example (Equality):

1423

#

1424

# title: "Requestor is owner"

1425

# description: "Determines if requestor is the document owner"

1426

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1431

# description: "Determine whether the document should be publicly visible"

1432

# expression: "document.type != 'private' && document.type != 'internal'"

1433

#

1434

# Example (Data Manipulation):

1435

#

1436

# title: "Notification string"

1437

# description: "Create a notification string with a timestamp."

1438

# expression: "'New message received at ' + string(document.create_time)"

1439

#

1440

# The exact variables and functions that may be referenced within an expression

1441

# are determined by the service that evaluates it. See the service

1442

# documentation for additional information.

1443

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1444

# its purpose. This can be used e.g. in UIs which allow to enter the

1445

# expression.

1446

"location": "A String", # Optional. String indicating the location of the expression for error

1447

# reporting, e.g. a file name and a position in the file.

1448

"description": "A String", # Optional. Description of the expression. This is a longer text which

1449

# describes the expression, e.g. when hovered over it in a UI.

1450

"expression": "A String", # Textual representation of an expression in Common Expression Language

1451

# syntax.

1452

},

1453

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1454

# `members` can have the following values:

1455

#

1456

# * `allUsers`: A special identifier that represents anyone who is

1457

# on the internet; with or without a Google account.

1458

#

1459

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1460

# who is authenticated with a Google account or a service account.

1461

#

1462

# * `user:{emailid}`: An email address that represents a specific Google

1463

# account. For example, `alice@example.com` .

1464

#

1465

#

1466

# * `serviceAccount:{emailid}`: An email address that represents a service

1467

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1468

#

1469

# * `group:{emailid}`: An email address that represents a Google group.

1470

# For example, `admins@example.com`.

1471

#

1472

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1473

# identifier) representing a user that has been recently deleted. For

1474

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1475

# recovered, this value reverts to `user:{emailid}` and the recovered user

1476

# retains the role in the binding.

1477

#

1478

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1479

# unique identifier) representing a service account that has been recently

1480

# deleted. For example,

1481

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1482

# If the service account is undeleted, this value reverts to

1483

# `serviceAccount:{emailid}` and the undeleted service account retains the

1484

# role in the binding.

1485

#

1486

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1487

# identifier) representing a Google group that has been recently

1488

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1489

# the group is recovered, this value reverts to `group:{emailid}` and the

1490

# recovered group retains the role in the binding.

1491

#

1492

#

1493

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1494

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"role": "A String", # Role that is assigned to `members`.

1499

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

1500

},

1501

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1502

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1503

# prevent simultaneous updates of a policy from overwriting each other.

1504

# It is strongly suggested that systems make use of the `etag` in the

1505

# read-modify-write cycle to perform policy updates in order to avoid race

1506

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1507

# systems are expected to put that etag in the request to `setIamPolicy` to

1508

# ensure that their change will be applied to the same version of the policy.

1509

#

1510

# **Important:** If you use IAM Conditions, you must include the `etag` field

1511

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1512

# you to overwrite a version `3` policy with a version `1` policy, and all of

1513

# the conditions in the version `3` policy are lost.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1514

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1515

}

1516

1517

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1524

1525

{ # An Identity and Access Management (IAM) policy, which specifies access

1526

# controls for Google Cloud resources.

1527

#

1528

#

1529

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1530

# `members` to a single `role`. Members can be user accounts, service accounts,

1531

# Google groups, and domains (such as G Suite). A `role` is a named list of

1532

# permissions; each `role` can be an IAM predefined role or a user-created

1533

# custom role.

1534

#

1535

# For some types of Google Cloud resources, a `binding` can also specify a

1536

# `condition`, which is a logical expression that allows access to a resource

1537

# only if the expression evaluates to `true`. A condition can add constraints

1538

# based on attributes of the request, the resource, or both. To learn which

1539

# resources support conditions in their IAM policies, see the

1540

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

1548

# "members": [

1549

# "user:mike@example.com",

1550

# "group:admins@example.com",

1551

# "domain:google.com",

1552

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

1557

# "members": [

1558

# "user:eve@example.com"

1559

# ],

1560

# "condition": {

1561

# "title": "expirable access",

1562

# "description": "Does not grant access after Sep 2020",

1563

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

1576

# - group:admins@example.com

1577

# - domain:google.com

1578

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1579

# role: roles/resourcemanager.organizationAdmin

1580

# - members:

1581

# - user:eve@example.com

1582

# role: roles/resourcemanager.organizationViewer

1583

# condition:

1584

# title: expirable access

1585

# description: Does not grant access after Sep 2020

1586

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

1587

# - etag: BwWWja0YfJA=

1588

# - version: 3

1589

#

1590

# For a description of IAM and its features, see the

1591

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1592

"iamOwned": True or False,

1593

"rules": [ # If more than one rule is specified, the rules are applied in the following

1594

# manner:

1595

# - All matching LOG rules are always applied.

1596

# - If any DENY/DENY_WITH_LOG rule matches, permission is denied.

1597

# Logging will be applied if one or more matching rule requires logging.

1598

# - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is

1599

# granted.

1600

# Logging will be applied if one or more matching rule requires logging.

1601

# - Otherwise, if no rule applies, permission is denied.

1602

{ # A rule to be applied in a Policy.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1603

"conditions": [ # Additional restrictions that must be met. All conditions must pass for the

1604

# rule to match.

1605

{ # A condition to be met.

1606

"svc": "A String", # Trusted attributes discharged by the service.

1607

"iam": "A String", # Trusted attributes supplied by the IAM system.

1608

"values": [ # The objects of the condition.

1609

"A String",

1610

],

1611

"sys": "A String", # Trusted attributes supplied by any service that owns resources and uses

1612

# the IAM system for access control.

1613

"op": "A String", # An operator to apply the subject with.

1614

},

1615

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1616

"logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries

1617

# that match the LOG action.

1618

{ # Specifies what kind of log the caller must write

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1619

"dataAccess": { # Write a Data Access (Gin) log # Data access options.

1620

"logMode": "A String",

1621

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1622

"cloudAudit": { # Write a Cloud Audit log # Cloud audit options.

1623

"logName": "A String", # The log_name to populate in the Cloud Audit Record.

1624

"authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.

1625

"permissionType": "A String", # The type of the permission that was checked.

1626

},

1627

},

1628

"counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.

1629

#

1630

# Metric names should start with a '/', generally be lowercase-only,

1631

# and end in "_count". Field names should not contain an initial slash.

1632

# The actual exported metric names will have "/iam/policy" prepended.

1633

#

1634

# Field names correspond to IAM request parameters and field values are

1635

# their respective values.

1636

#

1637

# Supported field names:

1638

# - "authority", which is "[token]" if IAMContext.token is present,

1639

# otherwise the value of IAMContext.authority_selector if present, and

1640

# otherwise a representation of IAMContext.principal; or

1641

# - "iam_principal", a representation of IAMContext.principal even if a

1642

# token or authority selector is present; or

1643

# - "" (empty string), resulting in a counter with no fields.

1644

#

1645

# Examples:

1646

# counter { metric: "/debug_access_count" field: "iam_principal" }

1647

# ==> increment counter /iam/policy/debug_access_count

1648

# {iam_principal=[value of IAMContext.principal]}

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1649

"customFields": [ # Custom fields.

1650

{ # Custom fields.

1651

# These can be used to create a counter with arbitrary field/value

1652

# pairs.

1653

# See: go/rpcsp-custom-fields.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1654

"name": "A String", # Name is the field name.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1655

"value": "A String", # Value is the field value. It is important that in contrast to the

1656

# CounterOptions.field, the value here is a constant that is not

1657

# derived from the IAMContext.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1658

},

1659

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1660

"metric": "A String", # The metric to update.

1661

"field": "A String", # The field value to attribute.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

},

],

"in": [ # If one or more 'in' clauses are specified, the rule matches if

1666

# the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.

1667

"A String",

1668

],

1669

"permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'

1670

# (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,

1671

# and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.

1672

"A String",

1673

],

1674

"action": "A String", # Required

1675

"notIn": [ # If one or more 'not_in' clauses are specified, the rule matches

1676

# if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.

1677

# The format for in and not_in entries can be found at in the Local IAM

1678

# documentation (see go/local-iam#features).

1679

"A String",

1680

],

1681

"description": "A String", # Human-readable description of the rule.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1682

},

1683

],

1684

"version": 42, # Specifies the format of the policy.

1685

#

1686

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1687

# are rejected.

1688

#

1689

# Any operation that affects conditional role bindings must specify version

1690

# `3`. This requirement applies to the following operations:

1691

#

1692

# * Getting a policy that includes a conditional role binding

1693

# * Adding a conditional role binding to a policy

1694

# * Changing a conditional role binding in a policy

1695

# * Removing any role binding, with or without a condition, from a policy

1696

# that includes conditions

1697

#

1698

# **Important:** If you use IAM Conditions, you must include the `etag` field

1699

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1700

# you to overwrite a version `3` policy with a version `1` policy, and all of

1701

# the conditions in the version `3` policy are lost.

1702

#

1703

# If a policy does not include any conditions, operations on that policy may

1704

# specify any valid version or leave the field unset.

1705

#

1706

# To learn which resources support conditions in their IAM policies, see the

1707

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1708

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1709

{ # Specifies the audit configuration for a service.

1710

# The configuration determines which permission types are logged, and what

1711

# identities, if any, are exempted from logging.

1712

# An AuditConfig must have one or more AuditLogConfigs.

1713

#

1714

# If there are AuditConfigs for both `allServices` and a specific service,

1715

# the union of the two AuditConfigs is used for that service: the log_types

1716

# specified in each AuditConfig are enabled, and the exempted_members in each

1717

# AuditLogConfig are exempted.

1718

#

1719

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices"

1725

# "audit_log_configs": [

1726

# {

1727

# "log_type": "DATA_READ",

1728

# "exempted_members": [

1729

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

1734

# },

1735

# {

1736

# "log_type": "ADMIN_READ",

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com"

1742

# "audit_log_configs": [

1743

# {

1744

# "log_type": "DATA_READ",

1745

# },

1746

# {

1747

# "log_type": "DATA_WRITE",

1748

# "exempted_members": [

1749

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1758

# logging. It also exempts jose@example.com from DATA_READ logging, and

1759

# aliya@example.com from DATA_WRITE logging.

1760

"service": "A String", # Specifies a service that will be enabled for audit logging.

1761

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1762

# `allServices` is a special value that covers all services.

1763

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1764

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1769

# {

1770

# "log_type": "DATA_READ",

1771

# "exempted_members": [

1772

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1782

# jose@example.com from DATA_READ logging.

1783

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1784

# permission.

1785

# Follows the same format of Binding.members.

1786

"A String",

1787

],

1788

"logType": "A String", # The log type that this config enables.

1789

"ignoreChildExemptions": True or False,

},

],

"exemptedMembers": [

"A String",

],

},

],

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

1798

# `condition` that determines how and when the `bindings` are applied. Each

1799

# of the `bindings` must contain at least one member.

1800

{ # Associates `members` with a `role`.

1801

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1802

#

1803

# If the condition evaluates to `true`, then this binding applies to the

1804

# current request.

1805

#

1806

# If the condition evaluates to `false`, then this binding does not apply to

1807

# the current request. However, a different role binding might grant the same

1808

# role to one or more of the members in this binding.

1809

#

1810

# To learn which resources support conditions in their IAM policies, see the

1811

# [IAM

1812

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1813

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1814

# are documented at https://github.com/google/cel-spec.

1815

#

1816

# Example (Comparison):

1817

#

1818

# title: "Summary size limit"

1819

# description: "Determines if a summary is less than 100 chars"

1820

# expression: "document.summary.size() < 100"

1821

#

1822

# Example (Equality):

1823

#

1824

# title: "Requestor is owner"

1825

# description: "Determines if requestor is the document owner"

1826

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1831

# description: "Determine whether the document should be publicly visible"

1832

# expression: "document.type != 'private' && document.type != 'internal'"

1833

#

1834

# Example (Data Manipulation):

1835

#

1836

# title: "Notification string"

1837

# description: "Create a notification string with a timestamp."

1838

# expression: "'New message received at ' + string(document.create_time)"

1839

#

1840

# The exact variables and functions that may be referenced within an expression

1841

# are determined by the service that evaluates it. See the service

1842

# documentation for additional information.

1843

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1844

# its purpose. This can be used e.g. in UIs which allow to enter the

1845

# expression.

1846

"location": "A String", # Optional. String indicating the location of the expression for error

1847

# reporting, e.g. a file name and a position in the file.

1848

"description": "A String", # Optional. Description of the expression. This is a longer text which

1849

# describes the expression, e.g. when hovered over it in a UI.

1850

"expression": "A String", # Textual representation of an expression in Common Expression Language

1851

# syntax.

1852

},

1853

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1854

# `members` can have the following values:

1855

#

1856

# * `allUsers`: A special identifier that represents anyone who is

1857

# on the internet; with or without a Google account.

1858

#

1859

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1860

# who is authenticated with a Google account or a service account.

1861

#

1862

# * `user:{emailid}`: An email address that represents a specific Google

1863

# account. For example, `alice@example.com` .

1864

#

1865

#

1866

# * `serviceAccount:{emailid}`: An email address that represents a service

1867

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1868

#

1869

# * `group:{emailid}`: An email address that represents a Google group.

1870

# For example, `admins@example.com`.

1871

#

1872

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1873

# identifier) representing a user that has been recently deleted. For

1874

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1875

# recovered, this value reverts to `user:{emailid}` and the recovered user

1876

# retains the role in the binding.

1877

#

1878

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1879

# unique identifier) representing a service account that has been recently

1880

# deleted. For example,

1881

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1882

# If the service account is undeleted, this value reverts to

1883

# `serviceAccount:{emailid}` and the undeleted service account retains the

1884

# role in the binding.

1885

#

1886

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1887

# identifier) representing a Google group that has been recently

1888

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1889

# the group is recovered, this value reverts to `group:{emailid}` and the

1890

# recovered group retains the role in the binding.

1891

#

1892

#

1893

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1894

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"role": "A String", # Role that is assigned to `members`.

1899

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

1900

},

1901

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1902

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1903

# prevent simultaneous updates of a policy from overwriting each other.

1904

# It is strongly suggested that systems make use of the `etag` in the

1905

# read-modify-write cycle to perform policy updates in order to avoid race

1906

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1907

# systems are expected to put that etag in the request to `setIamPolicy` to

1908

# ensure that their change will be applied to the same version of the policy.

1909

#

1910

# **Important:** If you use IAM Conditions, you must include the `etag` field

1911

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1912

# you to overwrite a version `3` policy with a version `1` policy, and all of

1913

# the conditions in the version `3` policy are lost.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>

1919

<pre>Returns permissions that a caller has on the specified resource.

1920

If the resource does not exist, this will return an empty set of

1921

permissions, not a `NOT_FOUND` error.

1922

1923

Note: This operation is designed to be used for building permission-aware

1924

UIs and command-line tools, not for authorization checking. This operation

1925

may "fail open" without warning.

1926

1927

Args:

1928

resource: string, REQUIRED: The resource for which the policy detail is being requested.

1929

See the operation documentation for the appropriate value for this field. (required)

1930

body: object, The request body.

1931

The object takes the form of:

1932

1933

{ # Request message for `TestIamPermissions` method.

1934

"permissions": [ # The set of permissions to check for the `resource`. Permissions with

1935

# wildcards (such as '*' or 'storage.*') are not allowed. For more

1936

# information see

1937

# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).

"A String",

],

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1949

1950

{ # Response message for `TestIamPermissions` method.

1951

"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is

# allowed.

"A String",

],

}</pre>

</div>

<code class="details" id="updateRollout">updateRollout(name, body=None, updateMask=None, x__xgafv=None)</code>

1960

<pre>Patches a single game server deployment rollout.

1961

The method will not return an error if the update does not affect any

1962

existing realms. For example - if the default_game_server_config is changed

1963

but all existing realms use the override, that is valid. Similarly, if a

1964

non existing realm is explicitly called out in game_server_config_overrides

1965

field, that will also not result in an error.

1966

1967

Args:

1968

name: string, The resource name of the game server deployment rollout. Uses the form:

1969

1970

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1971

For example,

1972

1973

`projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`. (required)

1974

body: object, The request body.

1975

The object takes the form of:

1976

1977

{ # The game server deployment rollout which represents the desired rollout

1978

# state.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame^]

1979

"defaultGameServerConfig": "A String", # The default game server config is applied to all realms unless overridden

1980

# in the rollout. For example,

1981

#

1982

# `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1983

"etag": "A String", # ETag of the resource.

1984

"createTime": "A String", # Output only. The creation time.

1985

"updateTime": "A String", # Output only. The last-modified time.

1986

"name": "A String", # The resource name of the game server deployment rollout. Uses the form:

1987

#

1988

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1989

# For example,

1990

#

1991

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`.

1992

"gameServerConfigOverrides": [ # Contains the game server config rollout overrides. Overrides are processed

1993

# in the order they are listed. Once a match is found for a realm, the rest

1994

# of the list is not processed.

1995

{ # A game server config override.

1996

"realmsSelector": { # The realm selector, used to match realm resources. # Selector for choosing applicable realms.

1997

"realms": [ # List of realms to match.

"A String",

],

},

"configVersion": "A String", # The game server config for this override.

2002

},

2003

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

2004

}

2005

2006

updateMask: string, Required. Mask of fields to update. At least one path must be supplied in

2007

this field. For the `FieldMask` definition, see

2008

2009

https:

2010

//developers.google.com/protocol-buffers

2011

// /docs/reference/google.protobuf#fieldmask

2012

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

2019

2020

{ # This resource represents a long-running operation that is the result of a

2021

# network API call.

2022

"done": True or False, # If the value is `false`, it means the operation is still in progress.

2023

# If `true`, the operation is completed, and either `error` or `response` is

2024

# available.

2025

"response": { # The normal response of the operation in case of success. If the original

2026

# method returns no data on success, such as `Delete`, the response is

2027

# `google.protobuf.Empty`. If the original method is standard

2028

# `Get`/`Create`/`Update`, the response should be the resource. For other

2029

# methods, the response should have the type `XxxResponse`, where `Xxx`

2030

# is the original method name. For example, if the original method name

2031

# is `TakeSnapshot()`, the inferred response type is

2032

# `TakeSnapshotResponse`.

2033

"a_key": "", # Properties of the object. Contains field @type with type URL.

2034

},

2035

"name": "A String", # The server-assigned name, which is only unique within the same service that

2036

# originally returns it. If you use the default HTTP mapping, the

2037

# `name` should be a resource name ending with `operations/{unique_id}`.

2038

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

2039

# different programming environments, including REST APIs and RPC APIs. It is

2040

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

2041

# three pieces of data: error code, error message, and error details.

2042

#

2043

# You can find out more about this error model and how to work with it in the

2044

# [API Design Guide](https://cloud.google.com/apis/design/errors).