Blame - docs/dyn/accesscontextmanager_v1.accessPolicies.accessLevels.html - platform/external/python/google-api-python-client

<h1><a href="accesscontextmanager_v1.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1.accessPolicies.accessLevels.html">accessLevels</a></h1>

76

<h2>Instance Methods</h2>

77

78

<code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p>

79

<p class="firstline">Create an Access Level. The longrunning</p>

80

81

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

82

<p class="firstline">Delete an Access Level by resource</p>

83

84

<code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>

85

<p class="firstline">Get an Access Level by resource</p>

86

87

<code><a href="#list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>

88

<p class="firstline">List all Access Levels for an access</p>

89

90

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

91

<p class="firstline">Retrieves the next page of results.</p>

92

93

<code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>

94

<p class="firstline">Update an Access Level. The longrunning</p>

95

<h3>Method Details</h3>

96

97

<code class="details" id="create">create(parent, body, x__xgafv=None)</code>

98

<pre>Create an Access Level. The longrunning

99

operation from this RPC will have a successful status once the Access

100

Level has

101

propagated to long-lasting storage. Access Levels containing

102

errors will result in an error response for the first error encountered.

103

104

Args:

105

parent: string, Required. Resource name for the access policy which owns this Access

106

Level.

107

108

Format: `accessPolicies/{policy_id}` (required)

109

body: object, The request body. (required)

110

The object takes the form of:

111

112

{ # An `AccessLevel` is a label that can be applied to requests to GCP services,

113

# along with a list of requirements necessary for the label to be applied.

114

"updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC.

115

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

116

"title": "A String", # Human readable title. Must be unique within the Policy.

117

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

118

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

119

# granted this `AccessLevel`. If AND is used, each `Condition` in

120

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

121

# is used, at least one `Condition` in `conditions` must be satisfied for the

122

# `AccessLevel` to be applied. Default behavior is AND.

123

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

124

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

125

# AND over its fields. So a Condition is true if: 1) the request IP is from one

126

# of the listed subnetworks AND 2) the originating device complies with the

127

# listed device policy AND 3) all listed access levels are granted AND 4) the

128

# request was sent at a time allowed by the DateTimeRestriction.

129

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

130

# resource name. Referencing an `AccessLevel` which does not exist is an

131

# error. All access levels listed must be granted for the Condition

132

# to be true. Example:

133

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

134

"A String",

135

],

136

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

137

# Condition to be true. If not specified, all devices are allowed.

138

# given access level. A `DevicePolicy` specifies requirements for requests from

139

# devices to be granted access levels, it does not do any enforcement on the

140

# device. `DevicePolicy` acts as an AND over all specified fields, and each

141

# repeated field is an OR over its elements. Any unset fields are ignored. For

142

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

143

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

144

# true for requests originating from encrypted Linux desktops and encrypted

145

# Windows desktops.

146

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

147

"A String",

148

],

149

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

150

{ # A restriction on the OS type and version of devices making requests.

151

"osType": "A String", # Required. The allowed OS type.

152

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

153

# Verifications includes requirements that the device is enterprise-managed,

154

# conformant to Dasher domain policies, and the caller has permission to call

155

# the API targeted by the request.

156

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

157

# satisfies the constraint. Format: `"major.minor.patch"`.

158

# Examples: `"10.5.301"`, `"9.2.1"`.

159

},

160

],

161

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

162

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

163

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

168

# Defaults to `false`.

169

},

170

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

171

# a CIDR IP address block, the specified IP address portion must be properly

172

# truncated (i.e. all the host bits must be zero) or the input is considered

173

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

174

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

175

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

176

# the listed subnets in order for this Condition to be true. If empty, all IP

177

# addresses are allowed.

178

"A String",

179

],

180

"regions": [ # The request must originate from one of the provided countries/regions.

181

# Must be valid ISO 3166-1 alpha-2 codes.

182

"A String",

183

],

184

"members": [ # The request must be made by one of the provided user or service

185

# accounts. Groups are not supported.

186

# Syntax:

187

# `user:{emailid}`

188

# `serviceAccount:{emailid}`

189

# If not specified, a request may come from any user.

190

"A String",

191

],

192

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

193

# its non-empty fields, each field must be false for the Condition overall to

194

# be satisfied. Defaults to false.

},

],

},

"createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC.

199

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

200

# must begin with a letter and only include alphanumeric and '_'. Format:

201

# `accessPolicies/{policy_id}/accessLevels/{short_name}`

202

}

203

204

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

211

212

{ # This resource represents a long-running operation that is the result of a

213

# network API call.

214

"metadata": { # Service-specific metadata associated with the operation. It typically

215

# contains progress information and common metadata such as create time.

216

# Some services might not provide such metadata. Any method that returns a

217

# long-running operation should document the metadata type, if any.

218

"a_key": "", # Properties of the object. Contains field @type with type URL.

219

},

220

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

221

# different programming environments, including REST APIs and RPC APIs. It is

222

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

223

# three pieces of data: error code, error message, and error details.

224

#

225

# You can find out more about this error model and how to work with it in the

226

# [API Design Guide](https://cloud.google.com/apis/design/errors).

227

"message": "A String", # A developer-facing error message, which should be in English. Any

228

# user-facing error message should be localized and sent in the

229

# google.rpc.Status.details field, or localized by the client.

230

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

231

"details": [ # A list of messages that carry the error details. There is a common set of

232

# message types for APIs to use.

233

{

234

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"done": True or False, # If the value is `false`, it means the operation is still in progress.

239

# If `true`, the operation is completed, and either `error` or `response` is

240

# available.

241

"response": { # The normal response of the operation in case of success. If the original

242

# method returns no data on success, such as `Delete`, the response is

243

# `google.protobuf.Empty`. If the original method is standard

244

# `Get`/`Create`/`Update`, the response should be the resource. For other

245

# methods, the response should have the type `XxxResponse`, where `Xxx`

246

# is the original method name. For example, if the original method name

247

# is `TakeSnapshot()`, the inferred response type is

248

# `TakeSnapshotResponse`.

249

"a_key": "", # Properties of the object. Contains field @type with type URL.

250

},

251

"name": "A String", # The server-assigned name, which is only unique within the same service that

252

# originally returns it. If you use the default HTTP mapping, the

253

# `name` should be a resource name ending with `operations/{unique_id}`.

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

259

<pre>Delete an Access Level by resource

260

name. The longrunning operation from this RPC will have a successful status

261

once the Access Level has been removed

262

from long-lasting storage.

263

264

Args:

265

name: string, Required. Resource name for the Access Level.

266

267

Format:

268

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

269

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

276

277

{ # This resource represents a long-running operation that is the result of a

278

# network API call.

279

"metadata": { # Service-specific metadata associated with the operation. It typically

280

# contains progress information and common metadata such as create time.

281

# Some services might not provide such metadata. Any method that returns a

282

# long-running operation should document the metadata type, if any.

283

"a_key": "", # Properties of the object. Contains field @type with type URL.

284

},

285

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

286

# different programming environments, including REST APIs and RPC APIs. It is

287

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

288

# three pieces of data: error code, error message, and error details.

289

#

290

# You can find out more about this error model and how to work with it in the

291

# [API Design Guide](https://cloud.google.com/apis/design/errors).

292

"message": "A String", # A developer-facing error message, which should be in English. Any

293

# user-facing error message should be localized and sent in the

294

# google.rpc.Status.details field, or localized by the client.

295

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

296

"details": [ # A list of messages that carry the error details. There is a common set of

297

# message types for APIs to use.

298

{

299

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"done": True or False, # If the value is `false`, it means the operation is still in progress.

304

# If `true`, the operation is completed, and either `error` or `response` is

305

# available.

306

"response": { # The normal response of the operation in case of success. If the original

307

# method returns no data on success, such as `Delete`, the response is

308

# `google.protobuf.Empty`. If the original method is standard

309

# `Get`/`Create`/`Update`, the response should be the resource. For other

310

# methods, the response should have the type `XxxResponse`, where `Xxx`

311

# is the original method name. For example, if the original method name

312

# is `TakeSnapshot()`, the inferred response type is

313

# `TakeSnapshotResponse`.

314

"a_key": "", # Properties of the object. Contains field @type with type URL.

315

},

316

"name": "A String", # The server-assigned name, which is only unique within the same service that

317

# originally returns it. If you use the default HTTP mapping, the

318

# `name` should be a resource name ending with `operations/{unique_id}`.

}</pre>

</div>

<code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>

324

<pre>Get an Access Level by resource

name.

Args:

name: string, Required. Resource name for the Access Level.

329

330

Format:

331

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

332

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression

333

Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where

334

Access Levels

335

are returned as `BasicLevels` or `CustomLevels` based on how they were

336

created. If set to CEL, all Access Levels are returned as

337

`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent

338

`CustomLevels`.

339

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

346

347

{ # An `AccessLevel` is a label that can be applied to requests to GCP services,

348

# along with a list of requirements necessary for the label to be applied.

349

"updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC.

350

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

351

"title": "A String", # Human readable title. Must be unique within the Policy.

352

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

353

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

354

# granted this `AccessLevel`. If AND is used, each `Condition` in

355

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

356

# is used, at least one `Condition` in `conditions` must be satisfied for the

357

# `AccessLevel` to be applied. Default behavior is AND.

358

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

359

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

360

# AND over its fields. So a Condition is true if: 1) the request IP is from one

361

# of the listed subnetworks AND 2) the originating device complies with the

362

# listed device policy AND 3) all listed access levels are granted AND 4) the

363

# request was sent at a time allowed by the DateTimeRestriction.

364

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

365

# resource name. Referencing an `AccessLevel` which does not exist is an

366

# error. All access levels listed must be granted for the Condition

367

# to be true. Example:

368

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

369

"A String",

370

],

371

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

372

# Condition to be true. If not specified, all devices are allowed.

373

# given access level. A `DevicePolicy` specifies requirements for requests from

374

# devices to be granted access levels, it does not do any enforcement on the

375

# device. `DevicePolicy` acts as an AND over all specified fields, and each

376

# repeated field is an OR over its elements. Any unset fields are ignored. For

377

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

378

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

379

# true for requests originating from encrypted Linux desktops and encrypted

380

# Windows desktops.

381

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

382

"A String",

383

],

384

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

385

{ # A restriction on the OS type and version of devices making requests.

386

"osType": "A String", # Required. The allowed OS type.

387

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

388

# Verifications includes requirements that the device is enterprise-managed,

389

# conformant to Dasher domain policies, and the caller has permission to call

390

# the API targeted by the request.

391

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

392

# satisfies the constraint. Format: `"major.minor.patch"`.

393

# Examples: `"10.5.301"`, `"9.2.1"`.

394

},

395

],

396

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

397

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

398

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

403

# Defaults to `false`.

404

},

405

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

406

# a CIDR IP address block, the specified IP address portion must be properly

407

# truncated (i.e. all the host bits must be zero) or the input is considered

408

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

409

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

410

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

411

# the listed subnets in order for this Condition to be true. If empty, all IP

412

# addresses are allowed.

413

"A String",

414

],

415

"regions": [ # The request must originate from one of the provided countries/regions.

416

# Must be valid ISO 3166-1 alpha-2 codes.

417

"A String",

418

],

419

"members": [ # The request must be made by one of the provided user or service

420

# accounts. Groups are not supported.

421

# Syntax:

422

# `user:{emailid}`

423

# `serviceAccount:{emailid}`

424

# If not specified, a request may come from any user.

425

"A String",

426

],

427

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

428

# its non-empty fields, each field must be false for the Condition overall to

429

# be satisfied. Defaults to false.

},

],

},

"createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC.

434

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

435

# must begin with a letter and only include alphanumeric and '_'. Format:

436

# `accessPolicies/{policy_id}/accessLevels/{short_name}`

}</pre>

</div>

<code class="details" id="list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</code>

442

<pre>List all Access Levels for an access

policy.

Args:

parent: string, Required. Resource name for the access policy to list Access Levels from.

447

448

Format:

449

`accessPolicies/{policy_id}` (required)

450

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as

451

`CustomLevels`, rather than as `BasicLevels`. Defaults to returning

452

`AccessLevels` in the format they were defined.

453

pageSize: integer, Number of Access Levels to include in

454

the list. Default 100.

455

pageToken: string, Next page token for the next batch of Access Level instances.

456

Defaults to the first page of results.

457

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

464

465

{ # A response to `ListAccessLevelsRequest`.

466

"nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is

467

# empty, no further results remain.

468

"accessLevels": [ # List of the Access Level instances.

469

{ # An `AccessLevel` is a label that can be applied to requests to GCP services,

470

# along with a list of requirements necessary for the label to be applied.

471

"updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC.

472

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

473

"title": "A String", # Human readable title. Must be unique within the Policy.

474

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

475

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

476

# granted this `AccessLevel`. If AND is used, each `Condition` in

477

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

478

# is used, at least one `Condition` in `conditions` must be satisfied for the

479

# `AccessLevel` to be applied. Default behavior is AND.

480

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

481

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

482

# AND over its fields. So a Condition is true if: 1) the request IP is from one

483

# of the listed subnetworks AND 2) the originating device complies with the

484

# listed device policy AND 3) all listed access levels are granted AND 4) the

485

# request was sent at a time allowed by the DateTimeRestriction.

486

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

487

# resource name. Referencing an `AccessLevel` which does not exist is an

488

# error. All access levels listed must be granted for the Condition

489

# to be true. Example:

490

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

491

"A String",

492

],

493

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

494

# Condition to be true. If not specified, all devices are allowed.

495

# given access level. A `DevicePolicy` specifies requirements for requests from

496

# devices to be granted access levels, it does not do any enforcement on the

497

# device. `DevicePolicy` acts as an AND over all specified fields, and each

498

# repeated field is an OR over its elements. Any unset fields are ignored. For

499

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

500

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

501

# true for requests originating from encrypted Linux desktops and encrypted

502

# Windows desktops.

503

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

504

"A String",

505

],

506

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

507

{ # A restriction on the OS type and version of devices making requests.

508

"osType": "A String", # Required. The allowed OS type.

509

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

510

# Verifications includes requirements that the device is enterprise-managed,

511

# conformant to Dasher domain policies, and the caller has permission to call

512

# the API targeted by the request.

513

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

514

# satisfies the constraint. Format: `"major.minor.patch"`.

515

# Examples: `"10.5.301"`, `"9.2.1"`.

516

},

517

],

518

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

519

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

520

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

525

# Defaults to `false`.

526

},

527

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

528

# a CIDR IP address block, the specified IP address portion must be properly

529

# truncated (i.e. all the host bits must be zero) or the input is considered

530

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

531

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

532

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

533

# the listed subnets in order for this Condition to be true. If empty, all IP

534

# addresses are allowed.

535

"A String",

536

],

537

"regions": [ # The request must originate from one of the provided countries/regions.

538

# Must be valid ISO 3166-1 alpha-2 codes.

539

"A String",

540

],

541

"members": [ # The request must be made by one of the provided user or service

542

# accounts. Groups are not supported.

543

# Syntax:

544

# `user:{emailid}`

545

# `serviceAccount:{emailid}`

546

# If not specified, a request may come from any user.

547

"A String",

548

],

549

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

550

# its non-empty fields, each field must be false for the Condition overall to

551

# be satisfied. Defaults to false.

},

],

},

"createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC.

556

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

557

# must begin with a letter and only include alphanumeric and '_'. Format:

558

# `accessPolicies/{policy_id}/accessLevels/{short_name}`

},

],

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

566

<pre>Retrieves the next page of results.

567

568

Args:

569

previous_request: The request for the previous page. (required)

570

previous_response: The response from the request for the previous page. (required)

571

572

Returns:

573

A request object that you can call 'execute()' on to request the next

574

page. Returns None if there are no more items in the collection.

</pre>

</div>

<code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>

580

<pre>Update an Access Level. The longrunning

581

operation from this RPC will have a successful status once the changes to

582

the Access Level have propagated

583

to long-lasting storage. Access Levels containing

584

errors will result in an error response for the first error encountered.

585

586

Args:

587

name: string, Required. Resource name for the Access Level. The `short_name` component

588

must begin with a letter and only include alphanumeric and '_'. Format:

589

`accessPolicies/{policy_id}/accessLevels/{short_name}` (required)

590

body: object, The request body. (required)

591

The object takes the form of:

592

593

{ # An `AccessLevel` is a label that can be applied to requests to GCP services,

594

# along with a list of requirements necessary for the label to be applied.

595

"updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC.

596

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

597

"title": "A String", # Human readable title. Must be unique within the Policy.

598

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

599

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

600

# granted this `AccessLevel`. If AND is used, each `Condition` in

601

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

602

# is used, at least one `Condition` in `conditions` must be satisfied for the

603

# `AccessLevel` to be applied. Default behavior is AND.

604

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

605

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

606

# AND over its fields. So a Condition is true if: 1) the request IP is from one

607

# of the listed subnetworks AND 2) the originating device complies with the

608

# listed device policy AND 3) all listed access levels are granted AND 4) the

609

# request was sent at a time allowed by the DateTimeRestriction.

610

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

611

# resource name. Referencing an `AccessLevel` which does not exist is an

612

# error. All access levels listed must be granted for the Condition

613

# to be true. Example:

614

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

615

"A String",

616

],

617

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

618

# Condition to be true. If not specified, all devices are allowed.

619

# given access level. A `DevicePolicy` specifies requirements for requests from

620

# devices to be granted access levels, it does not do any enforcement on the

621

# device. `DevicePolicy` acts as an AND over all specified fields, and each

622

# repeated field is an OR over its elements. Any unset fields are ignored. For

623

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

624

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

625

# true for requests originating from encrypted Linux desktops and encrypted

626

# Windows desktops.

627

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

628

"A String",

629

],

630

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

631

{ # A restriction on the OS type and version of devices making requests.

632

"osType": "A String", # Required. The allowed OS type.

633

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

634

# Verifications includes requirements that the device is enterprise-managed,

635

# conformant to Dasher domain policies, and the caller has permission to call

636

# the API targeted by the request.

637

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

638

# satisfies the constraint. Format: `"major.minor.patch"`.

639

# Examples: `"10.5.301"`, `"9.2.1"`.

640

},

641

],

642

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

643

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

644

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

649

# Defaults to `false`.

650

},

651

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

652

# a CIDR IP address block, the specified IP address portion must be properly

653

# truncated (i.e. all the host bits must be zero) or the input is considered

654

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

655

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

656

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

657

# the listed subnets in order for this Condition to be true. If empty, all IP

658

# addresses are allowed.

659

"A String",

660

],

661

"regions": [ # The request must originate from one of the provided countries/regions.

662

# Must be valid ISO 3166-1 alpha-2 codes.

663

"A String",

664

],

665

"members": [ # The request must be made by one of the provided user or service

666

# accounts. Groups are not supported.

667

# Syntax:

668

# `user:{emailid}`

669

# `serviceAccount:{emailid}`

670

# If not specified, a request may come from any user.

671

"A String",

672

],

673

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

674

# its non-empty fields, each field must be false for the Condition overall to

675

# be satisfied. Defaults to false.

},

],

},

"createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC.

680

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

681

# must begin with a letter and only include alphanumeric and '_'. Format:

682

# `accessPolicies/{policy_id}/accessLevels/{short_name}`

683

}

684

685

updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.

686

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

693

694

{ # This resource represents a long-running operation that is the result of a

695

# network API call.

696

"metadata": { # Service-specific metadata associated with the operation. It typically

697

# contains progress information and common metadata such as create time.

698

# Some services might not provide such metadata. Any method that returns a

699

# long-running operation should document the metadata type, if any.

700

"a_key": "", # Properties of the object. Contains field @type with type URL.

701

},

702

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

703

# different programming environments, including REST APIs and RPC APIs. It is

704

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

705

# three pieces of data: error code, error message, and error details.

706

#

707

# You can find out more about this error model and how to work with it in the

708

# [API Design Guide](https://cloud.google.com/apis/design/errors).