<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
 margin: 0;
 padding: 0;
 border: 0;
 font-weight: inherit;
 font-style: inherit;
 font-size: 100%;
 font-family: inherit;
 vertical-align: baseline;
}

body {
 font-size: 13px;
 padding: 1em;
}

h1 {
 font-size: 26px;
 margin-bottom: 1em;
}

h2 {
 font-size: 24px;
 margin-bottom: 1em;
}

h3 {
 font-size: 20px;
 margin-bottom: 1em;
 margin-top: 1em;
}

pre, code {
 line-height: 1.5;
 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
 margin-top: 0.5em;
}

h1, h2, h3, p {
 font-family: Arial, sans-serif;
}

h1, h2, h3 {
 border-bottom: solid #CCC 1px;
}

.toc_element {
 margin-top: 0.5em;
}

.firstline {
 margin-left: 2em;
}

.method {
 margin-top: 1em;
 border: solid 1px #CCC;
 padding: 1em;
 background: #EEE;
}

.details {
 font-weight: bold;
 font-size: 14px;
}

</style>

<h1><a href="secretmanager_v1.html">Secret Manager API</a> . <a href="secretmanager_v1.projects.html">projects</a> . <a href="secretmanager_v1.projects.secrets.html">secrets</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
 <code><a href="secretmanager_v1.projects.secrets.versions.html">versions()</a></code>
</p>
<p class="firstline">Returns the versions Resource.</p>

<p class="toc_element">
 <code><a href="#addVersion">addVersion(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new SecretVersion containing secret data and attaches it to an existing Secret.</p>
<p class="toc_element">
 <code><a href="#create">create(parent, body=None, secretId=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new Secret containing no SecretVersions.</p>
<p class="toc_element">
 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a Secret.</p>
<p class="toc_element">
 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets metadata for a given Secret.</p>
<p class="toc_element">
 <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a secret.</p>
<p class="toc_element">
 <code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists Secrets.</p>
<p class="toc_element">
 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates metadata of an existing Secret.</p>
<p class="toc_element">
 <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified secret. Replaces any</p>
<p class="toc_element">
 <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Returns permissions that a caller has for the specified secret.</p>
<h3>Method Details</h3>
<div class="method">
 <code class="details" id="addVersion">addVersion(parent, body=None, x__xgafv=None)</code>
 <pre>Creates a new SecretVersion containing secret data and attaches
it to an existing Secret.

Args:
 parent: string, Required. The resource name of the Secret to associate with the
SecretVersion in the format `projects/*/secrets/*`. (required)
 body: object, The request body.
 The object takes the form of:

{ # Request message for SecretManagerService.AddSecretVersion.
 &quot;payload&quot;: { # A secret payload resource in the Secret Manager API. This contains the # Required. The secret payload of the SecretVersion.
 # sensitive secret payload that is associated with a SecretVersion.
 &quot;data&quot;: &quot;A String&quot;, # The secret data. Must be no larger than 64KiB.
 },
 }

 x__xgafv: string, V1 error format.
 Allowed values
 1 - v1 error format
 2 - v2 error format

Returns:
 An object of the form:

 { # A secret version resource in the Secret Manager API.
 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this SecretVersion was destroyed.
 # Only present if state is
 # DESTROYED.
 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the SecretVersion was created.
 &quot;state&quot;: &quot;A String&quot;, # Output only. The current state of the SecretVersion.
 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the SecretVersion in the
 # format `projects/*/secrets/*/versions/*`.
 #
 # SecretVersion IDs in a Secret start at 1 and
 # are incremented for each subsequent version of the secret.
 }</pre>
</div>

<div class="method">
 <code class="details" id="create">create(parent, body=None, secretId=None, x__xgafv=None)</code>
 <pre>Creates a new Secret containing no SecretVersions.

Args:
 parent: string, Required. The resource name of the project to associate with the
Secret, in the format `projects/*`. (required)
 body: object, The request body.
 The object takes the form of:

{ # A Secret is a logical secret whose value and versions can
 # be accessed.
 #
 # A Secret is made up of zero or more SecretVersions that
 # represent the secret data.
 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
 #
 # The replication policy cannot be changed after the Secret has been created.
 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
 # locations specified in Secret.replication.user_managed.replicas
 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
 #
 # Cannot be empty.
 { # Represents a Replica for this Secret.
 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
 # For example: `&quot;us-east1&quot;`.
 },
 ],
 },
 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
 # restrictions.
 },
 },
 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
 &quot;labels&quot;: { # The labels assigned to this Secret.
 #
 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
 # of maximum 128 bytes, and must conform to the following PCRE regular
 # expression: `\p{Ll}\p{Lo}{0,62}`
 #
 # Label values must be between 0 and 63 characters long, have a UTF-8
 # encoding of maximum 128 bytes, and must conform to the following PCRE
 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
 #
 # No more than 64 labels can be assigned to a given resource.
 &quot;a_key&quot;: &quot;A String&quot;,
 },
 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
}

 secretId: string, Required. This must be unique within the project.

A secret ID is a string with a maximum length of 255 characters and can
contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and
underscore (`_`) characters.
 x__xgafv: string, V1 error format.
 Allowed values
 1 - v1 error format
 2 - v2 error format

Returns:
 An object of the form:

 { # A Secret is a logical secret whose value and versions can
 # be accessed.
 #
 # A Secret is made up of zero or more SecretVersions that
 # represent the secret data.
 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
 #
 # The replication policy cannot be changed after the Secret has been created.
 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
 # locations specified in Secret.replication.user_managed.replicas
 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
 #
 # Cannot be empty.
 { # Represents a Replica for this Secret.
 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
 # For example: `&quot;us-east1&quot;`.
 },
 ],
 },
 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
 # restrictions.
 },
 },
 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
 &quot;labels&quot;: { # The labels assigned to this Secret.
 #
 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
 # of maximum 128 bytes, and must conform to the following PCRE regular
 # expression: `\p{Ll}\p{Lo}{0,62}`
 #
 # Label values must be between 0 and 63 characters long, have a UTF-8
 # encoding of maximum 128 bytes, and must conform to the following PCRE
 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
 #
 # No more than 64 labels can be assigned to a given resource.
 &quot;a_key&quot;: &quot;A String&quot;,
 },
 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
 }</pre>
</div>

<div class="method">
 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
 <pre>Deletes a Secret.

Args:
 name: string, Required. The resource name of the Secret to delete in the format
`projects/*/secrets/*`. (required)
 x__xgafv: string, V1 error format.
 Allowed values
 1 - v1 error format
 2 - v2 error format

Returns:
 An object of the form:

 { # A generic empty message that you can re-use to avoid defining duplicated
 # empty messages in your APIs. A typical example is to use it as the request
 # or the response type of an API method. For instance:
 #
 # service Foo {
 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
 # }
 #
 # The JSON representation for `Empty` is empty JSON object `{}`.
 }</pre>
</div>

<div class="method">
 <code class="details" id="get">get(name, x__xgafv=None)</code>
 <pre>Gets metadata for a given Secret.

Args:
 name: string, Required. The resource name of the Secret, in the format `projects/*/secrets/*`. (required)
 x__xgafv: string, V1 error format.
 Allowed values
 1 - v1 error format
 2 - v2 error format

Returns:
 An object of the form:

 { # A Secret is a logical secret whose value and versions can
 # be accessed.
 #
 # A Secret is made up of zero or more SecretVersions that
 # represent the secret data.
 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
 #
 # The replication policy cannot be changed after the Secret has been created.
 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
 # locations specified in Secret.replication.user_managed.replicas
 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
 #
 # Cannot be empty.
 { # Represents a Replica for this Secret.
 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
 # For example: `&quot;us-east1&quot;`.
 },
 ],
 },
 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
 # restrictions.
 },
 },
 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
 &quot;labels&quot;: { # The labels assigned to this Secret.
 #
 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
 # of maximum 128 bytes, and must conform to the following PCRE regular
 # expression: `\p{Ll}\p{Lo}{0,62}`
 #
 # Label values must be between 0 and 63 characters long, have a UTF-8
 # encoding of maximum 128 bytes, and must conform to the following PCRE
 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
 #
 # No more than 64 labels can be assigned to a given resource.
 &quot;a_key&quot;: &quot;A String&quot;,
 },
 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
 }</pre>
</div>

<div class="method">
 <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>
 <pre>Gets the access control policy for a secret.
Returns empty policy if the secret exists and does not have a policy set.

Args:
 resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
 options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.

Valid values are 0, 1, and 3. Requests specifying an invalid value will be
rejected.

Requests for policies with any conditional bindings must specify version 3.
Policies without any conditional bindings may specify any valid value or
leave the field unset.

To learn which resources support conditions in their IAM policies, see the
[IAM
documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 x__xgafv: string, V1 error format.
 Allowed values
 1 - v1 error format
 2 - v2 error format

Returns:
 An object of the form:

 { # An Identity and Access Management (IAM) policy, which specifies access
 # controls for Google Cloud resources.
 #
 #
 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
 # `members` to a single `role`. Members can be user accounts, service accounts,
 # Google groups, and domains (such as G Suite). A `role` is a named list of
 # permissions; each `role` can be an IAM predefined role or a user-created
 # custom role.
 #
 # For some types of Google Cloud resources, a `binding` can also specify a
 # `condition`, which is a logical expression that allows access to a resource
 # only if the expression evaluates to `true`. A condition can add constraints
 # based on attributes of the request, the resource, or both. To learn which
 # resources support conditions in their IAM policies, see the
 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 #
 # **JSON example:**
 #
 # {
 # &quot;bindings&quot;: [
 # {
 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
 # &quot;members&quot;: [
 # &quot;user:mike@example.com&quot;,
 # &quot;group:admins@example.com&quot;,
 # &quot;domain:google.com&quot;,
 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
 # ]
 # },
 # {
 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
 # &quot;members&quot;: [
 # &quot;user:eve@example.com&quot;
 # ],
 # &quot;condition&quot;: {
 # &quot;title&quot;: &quot;expirable access&quot;,
 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
 # }
 # }
 # ],
 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
 # &quot;version&quot;: 3
 # }
 #
 # **YAML example:**
 #
 # bindings:
 # - members:
 # - user:mike@example.com
 # - group:admins@example.com
 # - domain:google.com
 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
 # role: roles/resourcemanager.organizationAdmin
 # - members:
 # - user:eve@example.com
 # role: roles/resourcemanager.organizationViewer
 # condition:
 # title: expirable access
 # description: Does not grant access after Sep 2020
 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
 # - etag: BwWWja0YfJA=
 # - version: 3
 #
 # For a description of IAM and its features, see the
 # [IAM documentation](https://cloud.google.com/iam/docs/).
 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
 { # Specifies the audit configuration for a service.
 # The configuration determines which permission types are logged, and what
 # identities, if any, are exempted from logging.
 # An AuditConfig must have one or more AuditLogConfigs.
 #
 # If there are AuditConfigs for both `allServices` and a specific service,
 # the union of the two AuditConfigs is used for that service: the log_types
 # specified in each AuditConfig are enabled, and the exempted_members in each
 # AuditLogConfig are exempted.
 #
 # Example Policy with multiple AuditConfigs:
 #
 # {
 # &quot;audit_configs&quot;: [
 # {
 # &quot;service&quot;: &quot;allServices&quot;
 # &quot;audit_log_configs&quot;: [
 # {
 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
 # &quot;exempted_members&quot;: [
 # &quot;user:jose@example.com&quot;
 # ]
 # },
 # {
 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
 # },
 # {
 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
 # }
 # ]
 # },
 # {
 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
 # &quot;audit_log_configs&quot;: [
 # {
 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
 # },
 # {
 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
 # &quot;exempted_members&quot;: [
 # &quot;user:aliya@example.com&quot;
 # ]
 # }
 # ]
 # }
 # ]
 # }
 #
 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
 # logging. It also exempts jose@example.com from DATA_READ logging, and
 # aliya@example.com from DATA_WRITE logging.
 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
 # `allServices` is a special value that covers all services.
 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
 { # Provides the configuration for logging a type of permissions.
 # Example:
 #
 # {
 # &quot;audit_log_configs&quot;: [
 # {
 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
 # &quot;exempted_members&quot;: [
 # &quot;user:jose@example.com&quot;
 # ]
 # },
 # {
 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
 # }
 # ]
 # }
 #
 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
 # jose@example.com from DATA_READ logging.
 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
 # permission.
 # Follows the same format of Binding.members.
 &quot;A String&quot;,
 ],
 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
 },
 ],
 },
 ],
 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
 # `condition` that determines how and when the `bindings` are applied. Each
 # of the `bindings` must contain at least one member.
 { # Associates `members` with a `role`.
 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
 # `members` can have the following values:
 #
 # * `allUsers`: A special identifier that represents anyone who is
 # on the internet; with or without a Google account.
 #
 # * `allAuthenticatedUsers`: A special identifier that represents anyone
 # who is authenticated with a Google account or a service account.
 #
 # * `user:{emailid}`: An email address that represents a specific Google
 # account. For example, `alice@example.com` .
 #
 #
 # * `serviceAccount:{emailid}`: An email address that represents a service
 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
 #
 # * `group:{emailid}`: An email address that represents a Google group.
 # For example, `admins@example.com`.
 #
 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
 # identifier) representing a user that has been recently deleted. For
 # example, `alice@example.com?uid=123456789012345678901`. If the user is
 # recovered, this value reverts to `user:{emailid}` and the recovered user
 # retains the role in the binding.
 #
 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
 # unique identifier) representing a service account that has been recently
 # deleted. For example,
 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
 # If the service account is undeleted, this value reverts to
 # `serviceAccount:{emailid}` and the undeleted service account retains the
 # role in the binding.
 #
 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
 # identifier) representing a Google group that has been recently
 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
 # the group is recovered, this value reverts to `group:{emailid}` and the
 # recovered group retains the role in the binding.
 #
 #
 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
 # users of that domain. For example, `google.com` or `example.com`.
 #
 &quot;A String&quot;,
 ],
 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
 #
 # If the condition evaluates to `true`, then this binding applies to the
 # current request.
 #
 # If the condition evaluates to `false`, then this binding does not apply to
 # the current request. However, a different role binding might grant the same
 # role to one or more of the members in this binding.
 #
 # To learn which resources support conditions in their IAM policies, see the
 # [IAM
 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
 # are documented at https://github.com/google/cel-spec.
 #
 # Example (Comparison):
 #
 # title: &quot;Summary size limit&quot;
 # description: &quot;Determines if a summary is less than 100 chars&quot;
 # expression: &quot;document.summary.size() &lt; 100&quot;
 #
 # Example (Equality):
 #
 # title: &quot;Requestor is owner&quot;
 # description: &quot;Determines if requestor is the document owner&quot;
 # expression: &quot;document.owner == request.auth.claims.email&quot;
 #
 # Example (Logic):
 #
 # title: &quot;Public documents&quot;
 # description: &quot;Determine whether the document should be publicly visible&quot;
 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
 #
 # Example (Data Manipulation):
 #
 # title: &quot;Notification string&quot;
 # description: &quot;Create a notification string with a timestamp.&quot;
 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
 #
 # The exact variables and functions that may be referenced within an expression
 # are determined by the service that evaluates it. See the service
 # documentation for additional information.
 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
 # describes the expression, e.g. when hovered over it in a UI.
 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
 # syntax.
 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
 # its purpose. This can be used e.g. in UIs which allow to enter the
 # expression.
 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
 # reporting, e.g. a file name and a position in the file.
 },
 },
 ],
 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
 # prevent simultaneous updates of a policy from overwriting each other.
 # It is strongly suggested that systems make use of the `etag` in the
 # read-modify-write cycle to perform policy updates in order to avoid race
 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
 # systems are expected to put that etag in the request to `setIamPolicy` to
 # ensure that their change will be applied to the same version of the policy.
 #
 # **Important:** If you use IAM Conditions, you must include the `etag` field
 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
 # you to overwrite a version `3` policy with a version `1` policy, and all of
 # the conditions in the version `3` policy are lost.
 &quot;version&quot;: 42, # Specifies the format of the policy.
 #
 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
 # are rejected.
 #
 # Any operation that affects conditional role bindings must specify version
 # `3`. This requirement applies to the following operations:
 #
 # * Getting a policy that includes a conditional role binding
 # * Adding a conditional role binding to a policy
 # * Changing a conditional role binding in a policy
 # * Removing any role binding, with or without a condition, from a policy
 # that includes conditions
 #
 # **Important:** If you use IAM Conditions, you must include the `etag` field
 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
 # you to overwrite a version `3` policy with a version `1` policy, and all of
 # the conditions in the version `3` policy are lost.
 #
 # If a policy does not include any conditions, operations on that policy may
 # specify any valid version or leave the field unset.
 #
 # To learn which resources support conditions in their IAM policies, see the
 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
 }</pre>
</div>
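Added example, not part of the generated reference or of the client library: a review of a secret's policy dict (as returned by `getIamPolicy`, or as about to be sent to `setIamPolicy`) for the member forms, version rule and audit-log exemptions described above, plus a helper that builds a `setIamPolicy` body while keeping the `etag` and `version` rules. The function names, severity labels and the sample policy are constructed for illustration.

```python
"""Review a Secret Manager IAM policy and prepare a safe read-modify-write update."""
import copy

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_policy(policy):
    """Return (severity, message) findings; severities are this example's own labels."""
    findings = []
    bindings = policy.get("bindings", [])
    for binding in bindings:
        role = binding.get("role", "<no role>")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", f"{role} granted to {member}"))
            elif member.startswith("domain:"):
                findings.append(("MEDIUM", f"{role} granted to every user of {member}"))
            elif member.startswith("deleted:"):
                findings.append(("LOW", f"{role} still lists {member}"))
    # Any operation on conditional bindings must use policy version 3.
    if any("condition" in b for b in bindings) and policy.get("version") != 3:
        findings.append(("HIGH", "conditional binding in a policy whose version is not 3"))
    # Exempted members generate no audit log entries for that log type.
    for cfg in policy.get("auditConfigs", []):
        for log_cfg in cfg.get("auditLogConfigs", []):
            if log_cfg.get("logType") == "DATA_READ":
                for member in log_cfg.get("exemptedMembers", []):
                    findings.append(
                        ("MEDIUM", f"{member} exempt from DATA_READ logging for {cfg.get('service')}")
                    )
    return findings


def with_binding(policy, role, member, condition=None):
    """Build a setIamPolicy request body that adds `member` to `role`.

    The input policy is not modified. The etag from getIamPolicy is carried
    over, and version is forced to 3 whenever any binding has a condition.
    """
    updated = copy.deepcopy(policy)
    bindings = updated.setdefault("bindings", [])
    uses_conditions = condition is not None or any("condition" in b for b in bindings)
    if uses_conditions and not updated.get("etag"):
        # Without the etag, a version 3 policy can be overwritten and lose its conditions.
        raise ValueError("policy with conditions must carry the etag from getIamPolicy")
    for binding in bindings:
        if binding.get("role") == role and binding.get("condition") == condition:
            members = binding.setdefault("members", [])
            if member not in members:
                members.append(member)
            break
    else:
        new_binding = {"role": role, "members": [member]}
        if condition is not None:
            new_binding["condition"] = condition
        bindings.append(new_binding)
    if uses_conditions:
        updated["version"] = 3
    return {"policy": updated}


# Constructed sample; a live policy would come from
# service.projects().secrets().getIamPolicy(
#     resource=name, options_requestedPolicyVersion=3).execute()
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwWWja0YfJA=",
    "bindings": [
        {
            "role": "roles/secretmanager.secretAccessor",
            "members": [
                "allAuthenticatedUsers",
                "serviceAccount:my-other-app@appspot.gserviceaccount.com",
            ],
        },
        {
            "role": "roles/secretmanager.viewer",
            "members": ["user:eve@example.com"],
            "condition": {
                "title": "expirable access",
                "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
            },
        },
    ],
    "auditConfigs": [
        {
            "service": "allServices",
            "auditLogConfigs": [
                {"logType": "DATA_READ", "exemptedMembers": ["user:jose@example.com"]}
            ],
        }
    ],
}

if __name__ == "__main__":
    for severity, message in audit_policy(SAMPLE_POLICY):
        print(severity, message)
    body = with_binding(
        SAMPLE_POLICY, "roles/secretmanager.secretAccessor", "user:alice@example.com"
    )
    print(body["policy"]["version"], body["policy"]["etag"])
```
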

<div class="method">
 <code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code>
 <pre>Lists Secrets.

Args:
 parent: string, Required. The resource name of the project associated with the
Secrets, in the format `projects/*`. (required)
 pageToken: string, Optional. Pagination token, returned earlier via
ListSecretsResponse.next_page_token.
 pageSize: integer, Optional. The maximum number of results to be returned in a single page. If
set to 0, the server decides the number of results to return. If the
number is greater than 25000, it is capped at 25000.
 x__xgafv: string, V1 error format.
 Allowed values
 1 - v1 error format
 2 - v2 error format

Returns:
 An object of the form:

 { # Response message for SecretManagerService.ListSecrets.
 &quot;totalSize&quot;: 42, # The total number of Secrets.
 &quot;secrets&quot;: [ # The list of Secrets sorted in reverse by create_time (newest
 # first).
 { # A Secret is a logical secret whose value and versions can
 # be accessed.
 #
 # A Secret is made up of zero or more SecretVersions that
 # represent the secret data.
 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
 #
 # The replication policy cannot be changed after the Secret has been created.
 &quot;userManaged&quot;: { # A replication policy that replicates the Secret payload into the # The Secret will only be replicated into the locations specified.
 # locations specified in Secret.replication.user_managed.replicas
 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
 #
 # Cannot be empty.
 { # Represents a Replica for this Secret.
 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
 # For example: `&quot;us-east1&quot;`.
 },
 ],
 },
 &quot;automatic&quot;: { # A replication policy that replicates the Secret payload without any # The Secret will automatically be replicated without any restrictions.
 # restrictions.
 },
 },
 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
 &quot;labels&quot;: { # The labels assigned to this Secret.
 #
 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
 # of maximum 128 bytes, and must conform to the following PCRE regular
 # expression: `\p{Ll}\p{Lo}{0,62}`
 #
 # Label values must be between 0 and 63 characters long, have a UTF-8
 # encoding of maximum 128 bytes, and must conform to the following PCRE
 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
 #
 # No more than 64 labels can be assigned to a given resource.
 &quot;a_key&quot;: &quot;A String&quot;,
 },
 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
 },
 ],
 &quot;nextPageToken&quot;: &quot;A String&quot;, # A token to retrieve the next page of results. Pass this value in
 # ListSecretsRequest.page_token to retrieve the next page.
 }</pre>
</div>

<div class="method">
 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
 <pre>Retrieves the next page of results.

Args:
 previous_request: The request for the previous page. (required)
 previous_response: The response from the request for the previous page. (required)

Returns:
 A request object that you can call &#x27;execute()&#x27; on to request the next
 page. Returns None if there are no more items in the collection.
 </pre>
</div>
745
746<div class="method">
747 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
748 <pre>Updates metadata of an existing Secret.
749
750Args:
751 name: string, Output only. The resource name of the Secret in the format `projects/*/secrets/*`. (required)
752 body: object, The request body.
753 The object takes the form of:
754
755{ # A Secret is a logical secret whose value and versions can
756 # be accessed.
757 #
758 # A Secret is made up of zero or more SecretVersions that
759 # represent the secret data.
760 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
761 #
762 # The replication policy cannot be changed after the Secret has been created.
763 &quot;userManaged&quot;: { # The Secret will only be replicated into the locations specified.
764 # A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas
765 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
766 #
767 # Cannot be empty.
768 { # Represents a Replica for this Secret.
769 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
770 # For example: `&quot;us-east1&quot;`.
771 },
772 ],
773 },
774 &quot;automatic&quot;: { # The Secret will automatically be replicated without any restrictions.
775 # A replication policy that replicates the Secret payload without any restrictions.
776 },
777 },
778 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
779 &quot;labels&quot;: { # The labels assigned to this Secret.
780 #
781 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
782 # of maximum 128 bytes, and must conform to the following PCRE regular
783 # expression: `\p{Ll}\p{Lo}{0,62}`
784 #
785 # Label values must be between 0 and 63 characters long, have a UTF-8
786 # encoding of maximum 128 bytes, and must conform to the following PCRE
787 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
788 #
789 # No more than 64 labels can be assigned to a given resource.
790 &quot;a_key&quot;: &quot;A String&quot;,
791 },
792 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
793}
794
795 updateMask: string, Required. Specifies the fields to be updated.
796 x__xgafv: string, V1 error format.
797 Allowed values
798 1 - v1 error format
799 2 - v2 error format
800
801Returns:
802 An object of the form:
803
804 { # A Secret is a logical secret whose value and versions can
805 # be accessed.
806 #
807 # A Secret is made up of zero or more SecretVersions that
808 # represent the secret data.
809 &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
810 #
811 # The replication policy cannot be changed after the Secret has been created.
812 &quot;userManaged&quot;: { # The Secret will only be replicated into the locations specified.
813 # A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas
814 &quot;replicas&quot;: [ # Required. The list of Replicas for this Secret.
815 #
816 # Cannot be empty.
817 { # Represents a Replica for this Secret.
818 &quot;location&quot;: &quot;A String&quot;, # The canonical IDs of the location to replicate data.
819 # For example: `&quot;us-east1&quot;`.
820 },
821 ],
822 },
823 &quot;automatic&quot;: { # The Secret will automatically be replicated without any restrictions.
824 # A replication policy that replicates the Secret payload without any restrictions.
825 },
826 },
827 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the Secret was created.
828 &quot;labels&quot;: { # The labels assigned to this Secret.
829 #
830 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
831 # of maximum 128 bytes, and must conform to the following PCRE regular
832 # expression: `\p{Ll}\p{Lo}{0,62}`
833 #
834 # Label values must be between 0 and 63 characters long, have a UTF-8
835 # encoding of maximum 128 bytes, and must conform to the following PCRE
836 # regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
837 #
838 # No more than 64 labels can be assigned to a given resource.
839 &quot;a_key&quot;: &quot;A String&quot;,
840 },
841 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
842 }</pre>
843</div>
844
845<div class="method">
846 <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
847 <pre>Sets the access control policy on the specified secret. Replaces any
848existing policy.
849
850Permissions on SecretVersions are enforced according
851to the policy set on the associated Secret.
852
853Args:
854 resource: string, REQUIRED: The resource for which the policy is being specified.
855See the operation documentation for the appropriate value for this field. (required)
856 body: object, The request body.
857 The object takes the form of:
858
859{ # Request message for `SetIamPolicy` method.
860 &quot;policy&quot;: { # REQUIRED: The complete policy to be applied to the `resource`. The size of
861 # the policy is limited to a few 10s of KB. An empty policy is a
862 # valid policy but certain Cloud Platform services (such as Projects)
863 # might reject them.
864 # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
865 #
866 #
867 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
868 # `members` to a single `role`. Members can be user accounts, service accounts,
869 # Google groups, and domains (such as G Suite). A `role` is a named list of
870 # permissions; each `role` can be an IAM predefined role or a user-created
871 # custom role.
872 #
873 # For some types of Google Cloud resources, a `binding` can also specify a
874 # `condition`, which is a logical expression that allows access to a resource
875 # only if the expression evaluates to `true`. A condition can add constraints
876 # based on attributes of the request, the resource, or both. To learn which
877 # resources support conditions in their IAM policies, see the
878 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
879 #
880 # **JSON example:**
881 #
882 #     {
883 #       &quot;bindings&quot;: [
884 #         {
885 #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
886 #           &quot;members&quot;: [
887 #             &quot;user:mike@example.com&quot;,
888 #             &quot;group:admins@example.com&quot;,
889 #             &quot;domain:google.com&quot;,
890 #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
891 #           ]
892 #         },
893 #         {
894 #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
895 #           &quot;members&quot;: [
896 #             &quot;user:eve@example.com&quot;
897 #           ],
898 #           &quot;condition&quot;: {
899 #             &quot;title&quot;: &quot;expirable access&quot;,
900 #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
901 #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;
902 #           }
903 #         }
904 #       ],
905 #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
906 #       &quot;version&quot;: 3
907 #     }
908 #
909 # **YAML example:**
910 #
911 #     bindings:
912 #     - members:
913 #       - user:mike@example.com
914 #       - group:admins@example.com
915 #       - domain:google.com
916 #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
917 #       role: roles/resourcemanager.organizationAdmin
918 #     - members:
919 #       - user:eve@example.com
920 #       role: roles/resourcemanager.organizationViewer
921 #       condition:
922 #         title: expirable access
923 #         description: Does not grant access after Sep 2020
924 #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
925 #     etag: BwWWja0YfJA=
926 #     version: 3
927 #
928 # For a description of IAM and its features, see the
929 # [IAM documentation](https://cloud.google.com/iam/docs/).
930 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
931 { # Specifies the audit configuration for a service.
932 # The configuration determines which permission types are logged, and what
933 # identities, if any, are exempted from logging.
934 # An AuditConfig must have one or more AuditLogConfigs.
935 #
936 # If there are AuditConfigs for both `allServices` and a specific service,
937 # the union of the two AuditConfigs is used for that service: the log_types
938 # specified in each AuditConfig are enabled, and the exempted_members in each
939 # AuditLogConfig are exempted.
940 #
941 # Example Policy with multiple AuditConfigs:
942 #
943 #     {
944 #       &quot;audit_configs&quot;: [
945 #         {
946 #           &quot;service&quot;: &quot;allServices&quot;,
947 #           &quot;audit_log_configs&quot;: [
948 #             {
949 #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
950 #               &quot;exempted_members&quot;: [
951 #                 &quot;user:jose@example.com&quot;
952 #               ]
953 #             },
954 #             {
955 #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
956 #             },
957 #             {
958 #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
959 #             }
960 #           ]
961 #         },
962 #         {
963 #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
964 #           &quot;audit_log_configs&quot;: [
965 #             {
966 #               &quot;log_type&quot;: &quot;DATA_READ&quot;
967 #             },
968 #             {
969 #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
970 #               &quot;exempted_members&quot;: [
971 #                 &quot;user:aliya@example.com&quot;
972 #               ]
973 #             }
974 #           ]
975 #         }
976 #       ]
977 #     }
978 #
979 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
980 # logging. It also exempts jose@example.com from DATA_READ logging, and
981 # aliya@example.com from DATA_WRITE logging.
982 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
983 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
984 # `allServices` is a special value that covers all services.
985 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
986 { # Provides the configuration for logging a type of permissions.
987 # Example:
988 #
989 #     {
990 #       &quot;audit_log_configs&quot;: [
991 #         {
992 #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
993 #           &quot;exempted_members&quot;: [
994 #             &quot;user:jose@example.com&quot;
995 #           ]
996 #         },
997 #         {
998 #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
999 #         }
1000 #       ]
1001 #     }
1002 #
1003 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1004 # jose@example.com from DATA_READ logging.
1005 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1006 # permission.
1007 # Follows the same format of Binding.members.
1008 &quot;A String&quot;,
1009 ],
1010 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1011 },
1012 ],
1013 },
1014 ],
1015 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
1016 # `condition` that determines how and when the `bindings` are applied. Each
1017 # of the `bindings` must contain at least one member.
1018 { # Associates `members` with a `role`.
1019 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1020 # `members` can have the following values:
1021 #
1022 # * `allUsers`: A special identifier that represents anyone who is
1023 # on the internet; with or without a Google account.
1024 #
1025 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1026 # who is authenticated with a Google account or a service account.
1027 #
1028 # * `user:{emailid}`: An email address that represents a specific Google
1029 # account. For example, `alice@example.com`.
1030 #
1031 #
1032 # * `serviceAccount:{emailid}`: An email address that represents a service
1033 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1034 #
1035 # * `group:{emailid}`: An email address that represents a Google group.
1036 # For example, `admins@example.com`.
1037 #
1038 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1039 # identifier) representing a user that has been recently deleted. For
1040 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1041 # recovered, this value reverts to `user:{emailid}` and the recovered user
1042 # retains the role in the binding.
1043 #
1044 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1045 # unique identifier) representing a service account that has been recently
1046 # deleted. For example,
1047 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1048 # If the service account is undeleted, this value reverts to
1049 # `serviceAccount:{emailid}` and the undeleted service account retains the
1050 # role in the binding.
1051 #
1052 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1053 # identifier) representing a Google group that has been recently
1054 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1055 # the group is recovered, this value reverts to `group:{emailid}` and the
1056 # recovered group retains the role in the binding.
1057 #
1058 #
1059 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1060 # users of that domain. For example, `google.com` or `example.com`.
1061 #
1062 &quot;A String&quot;,
1063 ],
1064 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1065 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1066 &quot;condition&quot;: { # The condition that is associated with this binding.
1067 #
1068 # If the condition evaluates to `true`, then this binding applies to the
1069 # current request.
1070 #
1071 # If the condition evaluates to `false`, then this binding does not apply to
1072 # the current request. However, a different role binding might grant the same
1073 # role to one or more of the members in this binding.
1074 #
1075 # To learn which resources support conditions in their IAM policies, see the
1076 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1077 #
1078 # Represents a textual expression in the Common Expression Language (CEL)
1079 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.
1080 #
1081 # Example (Comparison):
1082 #
1083 # title: &quot;Summary size limit&quot;
1084 # description: &quot;Determines if a summary is less than 100 chars&quot;
1085 # expression: &quot;document.summary.size() &lt; 100&quot;
1086 #
1087 # Example (Equality):
1088 #
1089 # title: &quot;Requestor is owner&quot;
1090 # description: &quot;Determines if requestor is the document owner&quot;
1091 # expression: &quot;document.owner == request.auth.claims.email&quot;
1092 #
1093 # Example (Logic):
1094 #
1095 # title: &quot;Public documents&quot;
1096 # description: &quot;Determine whether the document should be publicly visible&quot;
1097 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1098 #
1099 # Example (Data Manipulation):
1100 #
1101 # title: &quot;Notification string&quot;
1102 # description: &quot;Create a notification string with a timestamp.&quot;
1103 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1104 #
1105 # The exact variables and functions that may be referenced within an expression
1106 # are determined by the service that evaluates it. See the service
1107 # documentation for additional information.
1108 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1109 # describes the expression, e.g. when hovered over it in a UI.
1110 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1111 # syntax.
1112 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1113 # its purpose. This can be used e.g. in UIs which allow to enter the
1114 # expression.
1115 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1116 # reporting, e.g. a file name and a position in the file.
1117 },
1118 },
1119 ],
1120 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1121 # prevent simultaneous updates of a policy from overwriting each other.
1122 # It is strongly suggested that systems make use of the `etag` in the
1123 # read-modify-write cycle to perform policy updates in order to avoid race
1124 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1125 # systems are expected to put that etag in the request to `setIamPolicy` to
1126 # ensure that their change will be applied to the same version of the policy.
1127 #
1128 # **Important:** If you use IAM Conditions, you must include the `etag` field
1129 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1130 # you to overwrite a version `3` policy with a version `1` policy, and all of
1131 # the conditions in the version `3` policy are lost.
1132 &quot;version&quot;: 42, # Specifies the format of the policy.
1133 #
1134 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1135 # are rejected.
1136 #
1137 # Any operation that affects conditional role bindings must specify version
1138 # `3`. This requirement applies to the following operations:
1139 #
1140 # * Getting a policy that includes a conditional role binding
1141 # * Adding a conditional role binding to a policy
1142 # * Changing a conditional role binding in a policy
1143 # * Removing any role binding, with or without a condition, from a policy
1144 # that includes conditions
1145 #
1146 # **Important:** If you use IAM Conditions, you must include the `etag` field
1147 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1148 # you to overwrite a version `3` policy with a version `1` policy, and all of
1149 # the conditions in the version `3` policy are lost.
1150 #
1151 # If a policy does not include any conditions, operations on that policy may
1152 # specify any valid version or leave the field unset.
1153 #
1154 # To learn which resources support conditions in their IAM policies, see the
1155 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1156 },
1157 &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1158 # the fields in the mask will be modified. If no mask is provided, the
1159 # following default mask is used:
1160 #
1161 # `paths: &quot;bindings, etag&quot;`
1162 }
1163
1164 x__xgafv: string, V1 error format.
1165 Allowed values
1166 1 - v1 error format
1167 2 - v2 error format
1168
1169Returns:
1170 An object of the form:
1171
1172 { # An Identity and Access Management (IAM) policy, which specifies access
1173 # controls for Google Cloud resources.
1174 #
1175 #
1176 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1177 # `members` to a single `role`. Members can be user accounts, service accounts,
1178 # Google groups, and domains (such as G Suite). A `role` is a named list of
1179 # permissions; each `role` can be an IAM predefined role or a user-created
1180 # custom role.
1181 #
1182 # For some types of Google Cloud resources, a `binding` can also specify a
1183 # `condition`, which is a logical expression that allows access to a resource
1184 # only if the expression evaluates to `true`. A condition can add constraints
1185 # based on attributes of the request, the resource, or both. To learn which
1186 # resources support conditions in their IAM policies, see the
1187 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1188 #
1189 # **JSON example:**
1190 #
1191 #     {
1192 #       &quot;bindings&quot;: [
1193 #         {
1194 #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1195 #           &quot;members&quot;: [
1196 #             &quot;user:mike@example.com&quot;,
1197 #             &quot;group:admins@example.com&quot;,
1198 #             &quot;domain:google.com&quot;,
1199 #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
1200 #           ]
1201 #         },
1202 #         {
1203 #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1204 #           &quot;members&quot;: [
1205 #             &quot;user:eve@example.com&quot;
1206 #           ],
1207 #           &quot;condition&quot;: {
1208 #             &quot;title&quot;: &quot;expirable access&quot;,
1209 #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1210 #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;
1211 #           }
1212 #         }
1213 #       ],
1214 #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1215 #       &quot;version&quot;: 3
1216 #     }
1217 #
1218 # **YAML example:**
1219 #
1220 #     bindings:
1221 #     - members:
1222 #       - user:mike@example.com
1223 #       - group:admins@example.com
1224 #       - domain:google.com
1225 #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
1226 #       role: roles/resourcemanager.organizationAdmin
1227 #     - members:
1228 #       - user:eve@example.com
1229 #       role: roles/resourcemanager.organizationViewer
1230 #       condition:
1231 #         title: expirable access
1232 #         description: Does not grant access after Sep 2020
1233 #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
1234 #     etag: BwWWja0YfJA=
1235 #     version: 3
1236 #
1237 # For a description of IAM and its features, see the
1238 # [IAM documentation](https://cloud.google.com/iam/docs/).
1239 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1240 { # Specifies the audit configuration for a service.
1241 # The configuration determines which permission types are logged, and what
1242 # identities, if any, are exempted from logging.
1243 # An AuditConfig must have one or more AuditLogConfigs.
1244 #
1245 # If there are AuditConfigs for both `allServices` and a specific service,
1246 # the union of the two AuditConfigs is used for that service: the log_types
1247 # specified in each AuditConfig are enabled, and the exempted_members in each
1248 # AuditLogConfig are exempted.
1249 #
1250 # Example Policy with multiple AuditConfigs:
1251 #
1252 #     {
1253 #       &quot;audit_configs&quot;: [
1254 #         {
1255 #           &quot;service&quot;: &quot;allServices&quot;,
1256 #           &quot;audit_log_configs&quot;: [
1257 #             {
1258 #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
1259 #               &quot;exempted_members&quot;: [
1260 #                 &quot;user:jose@example.com&quot;
1261 #               ]
1262 #             },
1263 #             {
1264 #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
1265 #             },
1266 #             {
1267 #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
1268 #             }
1269 #           ]
1270 #         },
1271 #         {
1272 #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
1273 #           &quot;audit_log_configs&quot;: [
1274 #             {
1275 #               &quot;log_type&quot;: &quot;DATA_READ&quot;
1276 #             },
1277 #             {
1278 #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1279 #               &quot;exempted_members&quot;: [
1280 #                 &quot;user:aliya@example.com&quot;
1281 #               ]
1282 #             }
1283 #           ]
1284 #         }
1285 #       ]
1286 #     }
1287 #
1288 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1289 # logging. It also exempts jose@example.com from DATA_READ logging, and
1290 # aliya@example.com from DATA_WRITE logging.
1291 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1292 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1293 # `allServices` is a special value that covers all services.
1294 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1295 { # Provides the configuration for logging a type of permissions.
1296 # Example:
1297 #
1298 #     {
1299 #       &quot;audit_log_configs&quot;: [
1300 #         {
1301 #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
1302 #           &quot;exempted_members&quot;: [
1303 #             &quot;user:jose@example.com&quot;
1304 #           ]
1305 #         },
1306 #         {
1307 #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
1308 #         }
1309 #       ]
1310 #     }
1311 #
1312 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1313 # jose@example.com from DATA_READ logging.
1314 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1315 # permission.
1316 # Follows the same format of Binding.members.
1317 &quot;A String&quot;,
1318 ],
1319 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1320 },
1321 ],
1322 },
1323 ],
1324 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
1325 # `condition` that determines how and when the `bindings` are applied. Each
1326 # of the `bindings` must contain at least one member.
1327 { # Associates `members` with a `role`.
1328 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1329 # `members` can have the following values:
1330 #
1331 # * `allUsers`: A special identifier that represents anyone who is
1332 # on the internet; with or without a Google account.
1333 #
1334 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1335 # who is authenticated with a Google account or a service account.
1336 #
1337 # * `user:{emailid}`: An email address that represents a specific Google
1338 # account. For example, `alice@example.com`.
1339 #
1340 #
1341 # * `serviceAccount:{emailid}`: An email address that represents a service
1342 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1343 #
1344 # * `group:{emailid}`: An email address that represents a Google group.
1345 # For example, `admins@example.com`.
1346 #
1347 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1348 # identifier) representing a user that has been recently deleted. For
1349 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1350 # recovered, this value reverts to `user:{emailid}` and the recovered user
1351 # retains the role in the binding.
1352 #
1353 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1354 # unique identifier) representing a service account that has been recently
1355 # deleted. For example,
1356 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1357 # If the service account is undeleted, this value reverts to
1358 # `serviceAccount:{emailid}` and the undeleted service account retains the
1359 # role in the binding.
1360 #
1361 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1362 # identifier) representing a Google group that has been recently
1363 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1364 # the group is recovered, this value reverts to `group:{emailid}` and the
1365 # recovered group retains the role in the binding.
1366 #
1367 #
1368 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1369 # users of that domain. For example, `google.com` or `example.com`.
1370 #
1371 &quot;A String&quot;,
1372 ],
1373 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1374 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1375 &quot;condition&quot;: { # The condition that is associated with this binding.
1376 #
1377 # If the condition evaluates to `true`, then this binding applies to the
1378 # current request.
1379 #
1380 # If the condition evaluates to `false`, then this binding does not apply to
1381 # the current request. However, a different role binding might grant the same
1382 # role to one or more of the members in this binding.
1383 #
1384 # To learn which resources support conditions in their IAM policies, see the
1385 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1386 #
1387 # Represents a textual expression in the Common Expression Language (CEL)
1388 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.
1389 #
1390 # Example (Comparison):
1391 #
1392 # title: &quot;Summary size limit&quot;
1393 # description: &quot;Determines if a summary is less than 100 chars&quot;
1394 # expression: &quot;document.summary.size() &lt; 100&quot;
1395 #
1396 # Example (Equality):
1397 #
1398 # title: &quot;Requestor is owner&quot;
1399 # description: &quot;Determines if requestor is the document owner&quot;
1400 # expression: &quot;document.owner == request.auth.claims.email&quot;
1401 #
1402 # Example (Logic):
1403 #
1404 # title: &quot;Public documents&quot;
1405 # description: &quot;Determine whether the document should be publicly visible&quot;
1406 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1407 #
1408 # Example (Data Manipulation):
1409 #
1410 # title: &quot;Notification string&quot;
1411 # description: &quot;Create a notification string with a timestamp.&quot;
1412 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1413 #
1414 # The exact variables and functions that may be referenced within an expression
1415 # are determined by the service that evaluates it. See the service
1416 # documentation for additional information.
1417 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1418 # describes the expression, e.g. when hovered over it in a UI.
1419 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1420 # syntax.
1421 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1422 # its purpose. This can be used e.g. in UIs which allow to enter the
              # expression.
          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
              # reporting, e.g. a file name and a position in the file.
        },
      },
    ],
    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of a policy from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform policy updates in order to avoid race
        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
        # systems are expected to put that etag in the request to `setIamPolicy` to
        # ensure that their change will be applied to the same version of the policy.
        #
        # **Important:** If you use IAM Conditions, you must include the `etag` field
        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
        # you to overwrite a version `3` policy with a version `1` policy, and all of
        # the conditions in the version `3` policy are lost.
    &quot;version&quot;: 42, # Specifies the format of the policy.
        #
        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
        # are rejected.
        #
        # Any operation that affects conditional role bindings must specify version
        # `3`. This requirement applies to the following operations:
        #
        # * Getting a policy that includes a conditional role binding
        # * Adding a conditional role binding to a policy
        # * Changing a conditional role binding in a policy
        # * Removing any role binding, with or without a condition, from a policy
        #   that includes conditions
        #
        # **Important:** If you use IAM Conditions, you must include the `etag` field
        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
        # you to overwrite a version `3` policy with a version `1` policy, and all of
        # the conditions in the version `3` policy are lost.
        #
        # If a policy does not include any conditions, operations on that policy may
        # specify any valid version or leave the field unset.
        #
        # To learn which resources support conditions in their IAM policies, see the
        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
  }</pre>
</div>
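<p>The read-modify-write cycle that the `etag` field description calls for, as an added example that is not part of the generated reference. `FakePolicyStore`, `EtagMismatch`, `add_binding` and the `on_read` hook are hypothetical names: the store is a constructed in-memory stand-in for `getIamPolicy`/`setIamPolicy`, so the sketch runs offline and shows a stale write being rejected and retried.</p>

```python
import copy
import itertools


class EtagMismatch(Exception):
    """Raised by the stand-in store when the submitted etag is stale."""


class FakePolicyStore:
    """Constructed in-memory stand-in for getIamPolicy/setIamPolicy (not the real API)."""

    def __init__(self, policy):
        self._counter = itertools.count(1)
        self._policy = dict(policy, etag=f"etag-{next(self._counter)}")

    def get_iam_policy(self):
        return copy.deepcopy(self._policy)

    def set_iam_policy(self, policy):
        # A stale etag is rejected. An omitted etag skips the check entirely,
        # which is how a blind write can replace a version 3 policy.
        if "etag" in policy and policy["etag"] != self._policy["etag"]:
            raise EtagMismatch("policy changed since it was read")
        self._policy = dict(copy.deepcopy(policy), etag=f"etag-{next(self._counter)}")
        return copy.deepcopy(self._policy)


def add_binding(store, role, member, condition=None, retries=3, on_read=None):
    """Read-modify-write one binding, echoing the etag and retrying on conflict."""
    for _ in range(retries):
        policy = store.get_iam_policy()          # read: the response carries the etag
        if on_read:
            on_read()                            # hook used to simulate a concurrent writer
        binding = {"role": role, "members": [member]}
        if condition:
            binding["condition"] = condition
        policy.setdefault("bindings", []).append(binding)
        if any("condition" in b for b in policy["bindings"]):
            policy["version"] = 3                # conditional bindings require version 3
        try:
            return store.set_iam_policy(policy)  # write: etag from the read is included
        except EtagMismatch:
            continue                             # another writer won the race; re-read
    raise RuntimeError("gave up after repeated etag conflicts")
```

<p>Against the real service the same loop wraps the `getIamPolicy` and `setIamPolicy` methods documented on this page, with the conflict surfacing as an API error rather than `EtagMismatch`.</p>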

<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
  <pre>Returns permissions that a caller has for the specified secret.
If the secret does not exist, this call returns an empty set of
permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware
UIs and command-line tools, not for authorization checking. This operation
may &quot;fail open&quot; without warning.

Args:
  resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for `TestIamPermissions` method.
    &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
        # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
        # information see
        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
      &quot;A String&quot;,
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for `TestIamPermissions` method.
    &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
        # allowed.
      &quot;A String&quot;,
    ],
  }</pre>
</div>

</body></html>