Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 715bd7f9ca9a324a05ee05a6476af383e54930f9 / . / docs / dyn / datafusion_v1beta1.projects.locations.instances.html
blob: 3261693b46b5962590cace8e651919b6bc85d2d5 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700[diff] [blame^]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="datafusion_v1beta1.html">Cloud Data Fusion API</a> . <a href="datafusion_v1beta1.projects.html">projects</a> . <a href="datafusion_v1beta1.projects.locations.html">locations</a> . <a href="datafusion_v1beta1.projects.locations.instances.html">instances</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="#create">create(parent, body, instanceId=None, x__xgafv=None)</a></code></p>
79<p class="firstline">Creates a new Data Fusion instance in the specified project and location.</p>
80<p class="toc_element">
81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
82<p class="firstline">Deletes a single Date Fusion instance.</p>
83<p class="toc_element">
84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
85<p class="firstline">Gets details of a single Data Fusion instance.</p>
86<p class="toc_element">
87 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
88<p class="firstline">Gets the access control policy for a resource.</p>
89<p class="toc_element">
90 <code><a href="#list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p>
91<p class="firstline">Lists Data Fusion instances in the specified project and location.</p>
92<p class="toc_element">
93 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
94<p class="firstline">Retrieves the next page of results.</p>
95<p class="toc_element">
96 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
97<p class="firstline">Updates a single Data Fusion instance.</p>
98<p class="toc_element">
99 <code><a href="#restart">restart(name, body=None, x__xgafv=None)</a></code></p>
100<p class="firstline">Restart a single Data Fusion instance.</p>
101<p class="toc_element">
102 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
103<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
104<p class="toc_element">
105 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
106<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
107<p class="toc_element">
108 <code><a href="#upgrade">upgrade(name, body=None, x__xgafv=None)</a></code></p>
109<p class="firstline">Upgrade a single Data Fusion instance.</p>
110<h3>Method Details</h3>
111<div class="method">
112 <code class="details" id="create">create(parent, body, instanceId=None, x__xgafv=None)</code>
113 <pre>Creates a new Data Fusion instance in the specified project and location.
114
115Args:
116 parent: string, The instance's project and location in the format
117projects/{project}/locations/{location}. (required)
118 body: object, The request body. (required)
119 The object takes the form of:
120
121{ # Represents a Data Fusion instance.
122 "updateTime": "A String", # Output only. The time the instance was last updated.
123 "displayName": "A String", # Display name for an instance.
124 "description": "A String", # An optional description of this instance.
125 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created.
126 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to
127 # true, all Data Fusion nodes will have private IP addresses and will not be
128 # able to access the public internet.
129 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring.
130 "options": { # Map of additional options used to configure the behavior of
131 # Data Fusion instance.
132 "a_key": "A String",
133 },
134 "labels": { # The resource labels for instance to use to annotate any related underlying
135 # resources such as GCE VMs. The character '=' is not allowed to be used
136 # within the labels.
137 "a_key": "A String",
138 },
139 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging.
140 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data
141 # Fusion instance is to be created.
142 # are used for peering with the customer network. Configurations are optional
143 # when a public Data Fusion instance is to be created. However, providing
144 # these configurations allows several benefits, such as reduced network latency
145 # while accessing the customer resources from managed Data Fusion instance
146 # nodes, as well as access to the customer on-prem resources.
147 "network": "A String", # Name of the network in the customer project with which the Tenant Project
148 # will be peered for executing pipelines.
149 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance
150 # nodes. This range must not overlap with any other ranges used in the Data
151 # Fusion instance network.
152 },
153 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are
154 # accessible.
155 "stateMessage": "A String", # Output only. Additional information about the current state of this Data
156 # Fusion instance if available.
157 "state": "A String", # Output only. The current state of this Data Fusion instance.
158 "version": "A String", # Output only. Current version of the Data Fusion.
159 "type": "A String", # Required. Instance type.
160 "createTime": "A String", # Output only. The time the instance was created.
161 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in
162 # the customer project."
163 "name": "A String", # Output only. The name of this instance is in the form of
164 # projects/{project}/locations/{location}/instances/{instance}.
165}
166
167 instanceId: string, The name of the instance to create.
168 x__xgafv: string, V1 error format.
169 Allowed values
170 1 - v1 error format
171 2 - v2 error format
172
173Returns:
174 An object of the form:
175
176 { # This resource represents a long-running operation that is the result of a
177 # network API call.
178 "metadata": { # Service-specific metadata associated with the operation. It typically
179 # contains progress information and common metadata such as create time.
180 # Some services might not provide such metadata. Any method that returns a
181 # long-running operation should document the metadata type, if any.
182 "a_key": "", # Properties of the object. Contains field @type with type URL.
183 },
184 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
185 # different programming environments, including REST APIs and RPC APIs. It is
186 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
187 # three pieces of data: error code, error message, and error details.
188 #
189 # You can find out more about this error model and how to work with it in the
190 # [API Design Guide](https://cloud.google.com/apis/design/errors).
191 "message": "A String", # A developer-facing error message, which should be in English. Any
192 # user-facing error message should be localized and sent in the
193 # google.rpc.Status.details field, or localized by the client.
194 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
195 "details": [ # A list of messages that carry the error details. There is a common set of
196 # message types for APIs to use.
197 {
198 "a_key": "", # Properties of the object. Contains field @type with type URL.
199 },
200 ],
201 },
202 "done": True or False, # If the value is `false`, it means the operation is still in progress.
203 # If `true`, the operation is completed, and either `error` or `response` is
204 # available.
205 "response": { # The normal response of the operation in case of success. If the original
206 # method returns no data on success, such as `Delete`, the response is
207 # `google.protobuf.Empty`. If the original method is standard
208 # `Get`/`Create`/`Update`, the response should be the resource. For other
209 # methods, the response should have the type `XxxResponse`, where `Xxx`
210 # is the original method name. For example, if the original method name
211 # is `TakeSnapshot()`, the inferred response type is
212 # `TakeSnapshotResponse`.
213 "a_key": "", # Properties of the object. Contains field @type with type URL.
214 },
215 "name": "A String", # The server-assigned name, which is only unique within the same service that
216 # originally returns it. If you use the default HTTP mapping, the
217 # `name` should be a resource name ending with `operations/{unique_id}`.
218 }</pre>
219</div>
220
221<div class="method">
222 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
223 <pre>Deletes a single Date Fusion instance.
224
225Args:
226 name: string, The instance resource name in the format
227projects/{project}/locations/{location}/instances/{instance} (required)
228 x__xgafv: string, V1 error format.
229 Allowed values
230 1 - v1 error format
231 2 - v2 error format
232
233Returns:
234 An object of the form:
235
236 { # This resource represents a long-running operation that is the result of a
237 # network API call.
238 "metadata": { # Service-specific metadata associated with the operation. It typically
239 # contains progress information and common metadata such as create time.
240 # Some services might not provide such metadata. Any method that returns a
241 # long-running operation should document the metadata type, if any.
242 "a_key": "", # Properties of the object. Contains field @type with type URL.
243 },
244 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
245 # different programming environments, including REST APIs and RPC APIs. It is
246 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
247 # three pieces of data: error code, error message, and error details.
248 #
249 # You can find out more about this error model and how to work with it in the
250 # [API Design Guide](https://cloud.google.com/apis/design/errors).
251 "message": "A String", # A developer-facing error message, which should be in English. Any
252 # user-facing error message should be localized and sent in the
253 # google.rpc.Status.details field, or localized by the client.
254 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
255 "details": [ # A list of messages that carry the error details. There is a common set of
256 # message types for APIs to use.
257 {
258 "a_key": "", # Properties of the object. Contains field @type with type URL.
259 },
260 ],
261 },
262 "done": True or False, # If the value is `false`, it means the operation is still in progress.
263 # If `true`, the operation is completed, and either `error` or `response` is
264 # available.
265 "response": { # The normal response of the operation in case of success. If the original
266 # method returns no data on success, such as `Delete`, the response is
267 # `google.protobuf.Empty`. If the original method is standard
268 # `Get`/`Create`/`Update`, the response should be the resource. For other
269 # methods, the response should have the type `XxxResponse`, where `Xxx`
270 # is the original method name. For example, if the original method name
271 # is `TakeSnapshot()`, the inferred response type is
272 # `TakeSnapshotResponse`.
273 "a_key": "", # Properties of the object. Contains field @type with type URL.
274 },
275 "name": "A String", # The server-assigned name, which is only unique within the same service that
276 # originally returns it. If you use the default HTTP mapping, the
277 # `name` should be a resource name ending with `operations/{unique_id}`.
278 }</pre>
279</div>
280
281<div class="method">
282 <code class="details" id="get">get(name, x__xgafv=None)</code>
283 <pre>Gets details of a single Data Fusion instance.
284
285Args:
286 name: string, The instance resource name in the format
287projects/{project}/locations/{location}/instances/{instance}. (required)
288 x__xgafv: string, V1 error format.
289 Allowed values
290 1 - v1 error format
291 2 - v2 error format
292
293Returns:
294 An object of the form:
295
296 { # Represents a Data Fusion instance.
297 "updateTime": "A String", # Output only. The time the instance was last updated.
298 "displayName": "A String", # Display name for an instance.
299 "description": "A String", # An optional description of this instance.
300 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created.
301 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to
302 # true, all Data Fusion nodes will have private IP addresses and will not be
303 # able to access the public internet.
304 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring.
305 "options": { # Map of additional options used to configure the behavior of
306 # Data Fusion instance.
307 "a_key": "A String",
308 },
309 "labels": { # The resource labels for instance to use to annotate any related underlying
310 # resources such as GCE VMs. The character '=' is not allowed to be used
311 # within the labels.
312 "a_key": "A String",
313 },
314 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging.
315 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data
316 # Fusion instance is to be created.
317 # are used for peering with the customer network. Configurations are optional
318 # when a public Data Fusion instance is to be created. However, providing
319 # these configurations allows several benefits, such as reduced network latency
320 # while accessing the customer resources from managed Data Fusion instance
321 # nodes, as well as access to the customer on-prem resources.
322 "network": "A String", # Name of the network in the customer project with which the Tenant Project
323 # will be peered for executing pipelines.
324 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance
325 # nodes. This range must not overlap with any other ranges used in the Data
326 # Fusion instance network.
327 },
328 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are
329 # accessible.
330 "stateMessage": "A String", # Output only. Additional information about the current state of this Data
331 # Fusion instance if available.
332 "state": "A String", # Output only. The current state of this Data Fusion instance.
333 "version": "A String", # Output only. Current version of the Data Fusion.
334 "type": "A String", # Required. Instance type.
335 "createTime": "A String", # Output only. The time the instance was created.
336 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in
337 # the customer project."
338 "name": "A String", # Output only. The name of this instance is in the form of
339 # projects/{project}/locations/{location}/instances/{instance}.
340 }</pre>
341</div>
342
343<div class="method">
344 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
345 <pre>Gets the access control policy for a resource.
346Returns an empty policy if the resource exists and does not have a policy
347set.
348
349Args:
350 resource: string, REQUIRED: The resource for which the policy is being requested.
351See the operation documentation for the appropriate value for this field. (required)
352 x__xgafv: string, V1 error format.
353 Allowed values
354 1 - v1 error format
355 2 - v2 error format
356
357Returns:
358 An object of the form:
359
360 { # Defines an Identity and Access Management (IAM) policy. It is used to
361 # specify access control policies for Cloud Platform resources.
362 #
363 #
364 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
365 # `members` to a `role`, where the members can be user accounts, Google groups,
366 # Google domains, and service accounts. A `role` is a named list of permissions
367 # defined by IAM.
368 #
369 # **JSON Example**
370 #
371 # {
372 # "bindings": [
373 # {
374 # "role": "roles/owner",
375 # "members": [
376 # "user:mike@example.com",
377 # "group:admins@example.com",
378 # "domain:google.com",
379 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
380 # ]
381 # },
382 # {
383 # "role": "roles/viewer",
384 # "members": ["user:sean@example.com"]
385 # }
386 # ]
387 # }
388 #
389 # **YAML Example**
390 #
391 # bindings:
392 # - members:
393 # - user:mike@example.com
394 # - group:admins@example.com
395 # - domain:google.com
396 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
397 # role: roles/owner
398 # - members:
399 # - user:sean@example.com
400 # role: roles/viewer
401 #
402 #
403 # For a description of IAM and its features, see the
404 # [IAM developer's guide](https://cloud.google.com/iam/docs).
405 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
406 { # Specifies the audit configuration for a service.
407 # The configuration determines which permission types are logged, and what
408 # identities, if any, are exempted from logging.
409 # An AuditConfig must have one or more AuditLogConfigs.
410 #
411 # If there are AuditConfigs for both `allServices` and a specific service,
412 # the union of the two AuditConfigs is used for that service: the log_types
413 # specified in each AuditConfig are enabled, and the exempted_members in each
414 # AuditLogConfig are exempted.
415 #
416 # Example Policy with multiple AuditConfigs:
417 #
418 # {
419 # "audit_configs": [
420 # {
421 # "service": "allServices"
422 # "audit_log_configs": [
423 # {
424 # "log_type": "DATA_READ",
425 # "exempted_members": [
426 # "user:foo@gmail.com"
427 # ]
428 # },
429 # {
430 # "log_type": "DATA_WRITE",
431 # },
432 # {
433 # "log_type": "ADMIN_READ",
434 # }
435 # ]
436 # },
437 # {
438 # "service": "fooservice.googleapis.com"
439 # "audit_log_configs": [
440 # {
441 # "log_type": "DATA_READ",
442 # },
443 # {
444 # "log_type": "DATA_WRITE",
445 # "exempted_members": [
446 # "user:bar@gmail.com"
447 # ]
448 # }
449 # ]
450 # }
451 # ]
452 # }
453 #
454 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
455 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
456 # bar@gmail.com from DATA_WRITE logging.
457 "exemptedMembers": [
458 "A String",
459 ],
460 "auditLogConfigs": [ # The configuration for logging of each type of permission.
461 { # Provides the configuration for logging a type of permissions.
462 # Example:
463 #
464 # {
465 # "audit_log_configs": [
466 # {
467 # "log_type": "DATA_READ",
468 # "exempted_members": [
469 # "user:foo@gmail.com"
470 # ]
471 # },
472 # {
473 # "log_type": "DATA_WRITE",
474 # }
475 # ]
476 # }
477 #
478 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
479 # foo@gmail.com from DATA_READ logging.
480 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
481 # permission.
482 # Follows the same format of Binding.members.
483 "A String",
484 ],
485 "logType": "A String", # The log type that this config enables.
486 },
487 ],
488 "service": "A String", # Specifies a service that will be enabled for audit logging.
489 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
490 # `allServices` is a special value that covers all services.
491 },
492 ],
493 "rules": [ # If more than one rule is specified, the rules are applied in the following
494 # manner:
495 # - All matching LOG rules are always applied.
496 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
497 # Logging will be applied if one or more matching rule requires logging.
498 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
499 # granted.
500 # Logging will be applied if one or more matching rule requires logging.
501 # - Otherwise, if no rule applies, permission is denied.
502 { # A rule to be applied in a Policy.
503 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
504 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
505 # The format for in and not_in entries can be found at in the Local IAM
506 # documentation (see go/local-iam#features).
507 "A String",
508 ],
509 "description": "A String", # Human-readable description of the rule.
510 "in": [ # If one or more 'in' clauses are specified, the rule matches if
511 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
512 "A String",
513 ],
514 "action": "A String", # Required
515 "conditions": [ # Additional restrictions that must be met. All conditions must pass for the
516 # rule to match.
517 { # A condition to be met.
518 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
519 # the IAM system for access control.
520 "iam": "A String", # Trusted attributes supplied by the IAM system.
521 "values": [ # The objects of the condition.
522 "A String",
523 ],
524 "svc": "A String", # Trusted attributes discharged by the service.
525 "op": "A String", # An operator to apply the subject with.
526 },
527 ],
528 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
529 # that match the LOG action.
530 { # Specifies what kind of log the caller must write
531 "counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.
532 #
533 # Metric names should start with a '/', generally be lowercase-only,
534 # and end in "_count". Field names should not contain an initial slash.
535 # The actual exported metric names will have "/iam/policy" prepended.
536 #
537 # Field names correspond to IAM request parameters and field values are
538 # their respective values.
539 #
540 # Supported field names:
541 # - "authority", which is "[token]" if IAMContext.token is present,
542 # otherwise the value of IAMContext.authority_selector if present, and
543 # otherwise a representation of IAMContext.principal; or
544 # - "iam_principal", a representation of IAMContext.principal even if a
545 # token or authority selector is present; or
546 # - "" (empty string), resulting in a counter with no fields.
547 #
548 # Examples:
549 # counter { metric: "/debug_access_count" field: "iam_principal" }
550 # ==> increment counter /iam/policy/backend_debug_access_count
551 # {iam_principal=[value of IAMContext.principal]}
552 #
553 # At this time we do not support multiple field names (though this may be
554 # supported in the future).
555 "field": "A String", # The field value to attribute.
556 "metric": "A String", # The metric to update.
557 },
558 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
559 "logMode": "A String", # Whether Gin logging should happen in a fail-closed manner at the caller.
560 # This is relevant only in the LocalIAM implementation, for now.
561 },
562 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
563 "logName": "A String", # The log_name to populate in the Cloud Audit Record.
564 "authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.
565 "permissionType": "A String", # The type of the permission that was checked.
566 },
567 },
568 },
569 ],
570 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
571 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
572 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
573 "A String",
574 ],
575 },
576 ],
577 "version": 42, # Deprecated.
578 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
579 # prevent simultaneous updates of a policy from overwriting each other.
580 # It is strongly suggested that systems make use of the `etag` in the
581 # read-modify-write cycle to perform policy updates in order to avoid race
582 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
583 # systems are expected to put that etag in the request to `setIamPolicy` to
584 # ensure that their change will be applied to the same version of the policy.
585 #
586 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
587 # policy is overwritten blindly.
588 "bindings": [ # Associates a list of `members` to a `role`.
589 # `bindings` with no members will result in an error.
590 { # Associates `members` with a `role`.
591 "role": "A String", # Role that is assigned to `members`.
592 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
593 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
594 # NOTE: An unsatisfied condition will not allow user access via current
595 # binding. Different bindings, including their conditions, are examined
596 # independently.
597 #
598 # title: "User account presence"
599 # description: "Determines whether the request has a user account"
600 # expression: "size(request.user) > 0"
601 "description": "A String", # An optional description of the expression. This is a longer text which
602 # describes the expression, e.g. when hovered over it in a UI.
603 "expression": "A String", # Textual representation of an expression in
604 # Common Expression Language syntax.
605 #
606 # The application context of the containing message determines which
607 # well-known feature set of CEL is supported.
608 "location": "A String", # An optional string indicating the location of the expression for error
609 # reporting, e.g. a file name and a position in the file.
610 "title": "A String", # An optional title for the expression, i.e. a short string describing
611 # its purpose. This can be used e.g. in UIs which allow to enter the
612 # expression.
613 },
614 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
615 # `members` can have the following values:
616 #
617 # * `allUsers`: A special identifier that represents anyone who is
618 # on the internet; with or without a Google account.
619 #
620 # * `allAuthenticatedUsers`: A special identifier that represents anyone
621 # who is authenticated with a Google account or a service account.
622 #
623 # * `user:{emailid}`: An email address that represents a specific Google
624 # account. For example, `alice@gmail.com` .
625 #
626 #
627 # * `serviceAccount:{emailid}`: An email address that represents a service
628 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
629 #
630 # * `group:{emailid}`: An email address that represents a Google group.
631 # For example, `admins@example.com`.
632 #
633 #
634 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
635 # users of that domain. For example, `google.com` or `example.com`.
636 #
637 "A String",
638 ],
639 },
640 ],
641 "iamOwned": True or False,
642 }</pre>
643</div>
644
645<div class="method">
646 <code class="details" id="list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code>
647 <pre>Lists Data Fusion instances in the specified project and location.
648
649Args:
650 parent: string, The project and location for which to retrieve instance information
651in the format projects/{project}/locations/{location}. If the location is
652specified as '-' (wildcard), then all regions available to the project
653are queried, and the results are aggregated. (required)
654 orderBy: string, Sort results. Supported values are "name", "name desc", or "" (unsorted).
655 pageSize: integer, The maximum number of items to return.
656 pageToken: string, The next_page_token value to use if there are additional
657results to retrieve for this list request.
658 x__xgafv: string, V1 error format.
659 Allowed values
660 1 - v1 error format
661 2 - v2 error format
662 filter: string, List filter.
663
664Returns:
665 An object of the form:
666
667 { # Response message for the list instance request.
668 "nextPageToken": "A String", # Token to retrieve the next page of results or empty if there are no more
669 # results in the list.
670 "unreachable": [ # Locations that could not be reached.
671 "A String",
672 ],
673 "instances": [ # Represents a list of Data Fusion instances.
674 { # Represents a Data Fusion instance.
675 "updateTime": "A String", # Output only. The time the instance was last updated.
676 "displayName": "A String", # Display name for an instance.
677 "description": "A String", # An optional description of this instance.
678 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created.
679 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to
680 # true, all Data Fusion nodes will have private IP addresses and will not be
681 # able to access the public internet.
682 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring.
683 "options": { # Map of additional options used to configure the behavior of
684 # Data Fusion instance.
685 "a_key": "A String",
686 },
687 "labels": { # The resource labels for instance to use to annotate any related underlying
688 # resources such as GCE VMs. The character '=' is not allowed to be used
689 # within the labels.
690 "a_key": "A String",
691 },
692 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging.
693 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data
694 # Fusion instance is to be created.
695 # are used for peering with the customer network. Configurations are optional
696 # when a public Data Fusion instance is to be created. However, providing
697 # these configurations allows several benefits, such as reduced network latency
698 # while accessing the customer resources from managed Data Fusion instance
699 # nodes, as well as access to the customer on-prem resources.
700 "network": "A String", # Name of the network in the customer project with which the Tenant Project
701 # will be peered for executing pipelines.
702 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance
703 # nodes. This range must not overlap with any other ranges used in the Data
704 # Fusion instance network.
705 },
706 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are
707 # accessible.
708 "stateMessage": "A String", # Output only. Additional information about the current state of this Data
709 # Fusion instance if available.
710 "state": "A String", # Output only. The current state of this Data Fusion instance.
711 "version": "A String", # Output only. Current version of the Data Fusion.
712 "type": "A String", # Required. Instance type.
713 "createTime": "A String", # Output only. The time the instance was created.
714 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in
715 # the customer project."
716 "name": "A String", # Output only. The name of this instance is in the form of
717 # projects/{project}/locations/{location}/instances/{instance}.
718 },
719 ],
720 }</pre>
721</div>
722
723<div class="method">
724 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
725 <pre>Retrieves the next page of results.
726
727Args:
728 previous_request: The request for the previous page. (required)
729 previous_response: The response from the request for the previous page. (required)
730
731Returns:
732 A request object that you can call 'execute()' on to request the next
733 page. Returns None if there are no more items in the collection.
734 </pre>
735</div>
736
737<div class="method">
738 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
739 <pre>Updates a single Data Fusion instance.
740
741Args:
742 name: string, Output only. The name of this instance is in the form of
743projects/{project}/locations/{location}/instances/{instance}. (required)
744 body: object, The request body. (required)
745 The object takes the form of:
746
747{ # Represents a Data Fusion instance.
748 "updateTime": "A String", # Output only. The time the instance was last updated.
749 "displayName": "A String", # Display name for an instance.
750 "description": "A String", # An optional description of this instance.
751 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created.
752 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to
753 # true, all Data Fusion nodes will have private IP addresses and will not be
754 # able to access the public internet.
755 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring.
756 "options": { # Map of additional options used to configure the behavior of
757 # Data Fusion instance.
758 "a_key": "A String",
759 },
760 "labels": { # The resource labels for instance to use to annotate any related underlying
761 # resources such as GCE VMs. The character '=' is not allowed to be used
762 # within the labels.
763 "a_key": "A String",
764 },
765 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging.
766 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data
767 # Fusion instance is to be created.
768 # are used for peering with the customer network. Configurations are optional
769 # when a public Data Fusion instance is to be created. However, providing
770 # these configurations allows several benefits, such as reduced network latency
771 # while accessing the customer resources from managed Data Fusion instance
772 # nodes, as well as access to the customer on-prem resources.
773 "network": "A String", # Name of the network in the customer project with which the Tenant Project
774 # will be peered for executing pipelines.
775 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance
776 # nodes. This range must not overlap with any other ranges used in the Data
777 # Fusion instance network.
778 },
779 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are
780 # accessible.
781 "stateMessage": "A String", # Output only. Additional information about the current state of this Data
782 # Fusion instance if available.
783 "state": "A String", # Output only. The current state of this Data Fusion instance.
784 "version": "A String", # Output only. Current version of the Data Fusion.
785 "type": "A String", # Required. Instance type.
786 "createTime": "A String", # Output only. The time the instance was created.
787 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in
788 # the customer project."
789 "name": "A String", # Output only. The name of this instance is in the form of
790 # projects/{project}/locations/{location}/instances/{instance}.
791}
792
793 updateMask: string, Field mask is used to specify the fields that the update will overwrite
794in an instance resource. The fields specified in the update_mask are
795relative to the resource, not the full request.
796A field will be overwritten if it is in the mask.
797If the user does not provide a mask, all the supported fields (labels and
798options currently) will be overwritten.
799 x__xgafv: string, V1 error format.
800 Allowed values
801 1 - v1 error format
802 2 - v2 error format
803
804Returns:
805 An object of the form:
806
807 { # This resource represents a long-running operation that is the result of a
808 # network API call.
809 "metadata": { # Service-specific metadata associated with the operation. It typically
810 # contains progress information and common metadata such as create time.
811 # Some services might not provide such metadata. Any method that returns a
812 # long-running operation should document the metadata type, if any.
813 "a_key": "", # Properties of the object. Contains field @type with type URL.
814 },
815 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
816 # different programming environments, including REST APIs and RPC APIs. It is
817 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
818 # three pieces of data: error code, error message, and error details.
819 #
820 # You can find out more about this error model and how to work with it in the
821 # [API Design Guide](https://cloud.google.com/apis/design/errors).
822 "message": "A String", # A developer-facing error message, which should be in English. Any
823 # user-facing error message should be localized and sent in the
824 # google.rpc.Status.details field, or localized by the client.
825 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
826 "details": [ # A list of messages that carry the error details. There is a common set of
827 # message types for APIs to use.
828 {
829 "a_key": "", # Properties of the object. Contains field @type with type URL.
830 },
831 ],
832 },
833 "done": True or False, # If the value is `false`, it means the operation is still in progress.
834 # If `true`, the operation is completed, and either `error` or `response` is
835 # available.
836 "response": { # The normal response of the operation in case of success. If the original
837 # method returns no data on success, such as `Delete`, the response is
838 # `google.protobuf.Empty`. If the original method is standard
839 # `Get`/`Create`/`Update`, the response should be the resource. For other
840 # methods, the response should have the type `XxxResponse`, where `Xxx`
841 # is the original method name. For example, if the original method name
842 # is `TakeSnapshot()`, the inferred response type is
843 # `TakeSnapshotResponse`.
844 "a_key": "", # Properties of the object. Contains field @type with type URL.
845 },
846 "name": "A String", # The server-assigned name, which is only unique within the same service that
847 # originally returns it. If you use the default HTTP mapping, the
848 # `name` should be a resource name ending with `operations/{unique_id}`.
849 }</pre>
850</div>
851
852<div class="method">
853 <code class="details" id="restart">restart(name, body=None, x__xgafv=None)</code>
854 <pre>Restart a single Data Fusion instance.
855At the end of an operation instance is fully restarted.
856
857Args:
858 name: string, Name of the Data Fusion instance which need to be restarted in the form of
859projects/{project}/locations/{location}/instances/{instance} (required)
860 body: object, The request body.
861 The object takes the form of:
862
863{ # Request message for restarting a Data Fusion instance.
864 }
865
866 x__xgafv: string, V1 error format.
867 Allowed values
868 1 - v1 error format
869 2 - v2 error format
870
871Returns:
872 An object of the form:
873
874 { # This resource represents a long-running operation that is the result of a
875 # network API call.
876 "metadata": { # Service-specific metadata associated with the operation. It typically
877 # contains progress information and common metadata such as create time.
878 # Some services might not provide such metadata. Any method that returns a
879 # long-running operation should document the metadata type, if any.
880 "a_key": "", # Properties of the object. Contains field @type with type URL.
881 },
882 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
883 # different programming environments, including REST APIs and RPC APIs. It is
884 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
885 # three pieces of data: error code, error message, and error details.
886 #
887 # You can find out more about this error model and how to work with it in the
888 # [API Design Guide](https://cloud.google.com/apis/design/errors).
889 "message": "A String", # A developer-facing error message, which should be in English. Any
890 # user-facing error message should be localized and sent in the
891 # google.rpc.Status.details field, or localized by the client.
892 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
893 "details": [ # A list of messages that carry the error details. There is a common set of
894 # message types for APIs to use.
895 {
896 "a_key": "", # Properties of the object. Contains field @type with type URL.
897 },
898 ],
899 },
900 "done": True or False, # If the value is `false`, it means the operation is still in progress.
901 # If `true`, the operation is completed, and either `error` or `response` is
902 # available.
903 "response": { # The normal response of the operation in case of success. If the original
904 # method returns no data on success, such as `Delete`, the response is
905 # `google.protobuf.Empty`. If the original method is standard
906 # `Get`/`Create`/`Update`, the response should be the resource. For other
907 # methods, the response should have the type `XxxResponse`, where `Xxx`
908 # is the original method name. For example, if the original method name
909 # is `TakeSnapshot()`, the inferred response type is
910 # `TakeSnapshotResponse`.
911 "a_key": "", # Properties of the object. Contains field @type with type URL.
912 },
913 "name": "A String", # The server-assigned name, which is only unique within the same service that
914 # originally returns it. If you use the default HTTP mapping, the
915 # `name` should be a resource name ending with `operations/{unique_id}`.
916 }</pre>
917</div>
918
919<div class="method">
920 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
921 <pre>Sets the access control policy on the specified resource. Replaces any
922existing policy.
923
924Args:
925 resource: string, REQUIRED: The resource for which the policy is being specified.
926See the operation documentation for the appropriate value for this field. (required)
927 body: object, The request body. (required)
928 The object takes the form of:
929
930{ # Request message for `SetIamPolicy` method.
931 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
932 # the policy is limited to a few 10s of KB. An empty policy is a
933 # valid policy but certain Cloud Platform services (such as Projects)
934 # might reject them.
935 # specify access control policies for Cloud Platform resources.
936 #
937 #
938 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
939 # `members` to a `role`, where the members can be user accounts, Google groups,
940 # Google domains, and service accounts. A `role` is a named list of permissions
941 # defined by IAM.
942 #
943 # **JSON Example**
944 #
945 # {
946 # "bindings": [
947 # {
948 # "role": "roles/owner",
949 # "members": [
950 # "user:mike@example.com",
951 # "group:admins@example.com",
952 # "domain:google.com",
953 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
954 # ]
955 # },
956 # {
957 # "role": "roles/viewer",
958 # "members": ["user:sean@example.com"]
959 # }
960 # ]
961 # }
962 #
963 # **YAML Example**
964 #
965 # bindings:
966 # - members:
967 # - user:mike@example.com
968 # - group:admins@example.com
969 # - domain:google.com
970 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
971 # role: roles/owner
972 # - members:
973 # - user:sean@example.com
974 # role: roles/viewer
975 #
976 #
977 # For a description of IAM and its features, see the
978 # [IAM developer's guide](https://cloud.google.com/iam/docs).
979 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
980 { # Specifies the audit configuration for a service.
981 # The configuration determines which permission types are logged, and what
982 # identities, if any, are exempted from logging.
983 # An AuditConfig must have one or more AuditLogConfigs.
984 #
985 # If there are AuditConfigs for both `allServices` and a specific service,
986 # the union of the two AuditConfigs is used for that service: the log_types
987 # specified in each AuditConfig are enabled, and the exempted_members in each
988 # AuditLogConfig are exempted.
989 #
990 # Example Policy with multiple AuditConfigs:
991 #
992 # {
993 # "audit_configs": [
994 # {
995 # "service": "allServices"
996 # "audit_log_configs": [
997 # {
998 # "log_type": "DATA_READ",
999 # "exempted_members": [
1000 # "user:foo@gmail.com"
1001 # ]
1002 # },
1003 # {
1004 # "log_type": "DATA_WRITE",
1005 # },
1006 # {
1007 # "log_type": "ADMIN_READ",
1008 # }
1009 # ]
1010 # },
1011 # {
1012 # "service": "fooservice.googleapis.com"
1013 # "audit_log_configs": [
1014 # {
1015 # "log_type": "DATA_READ",
1016 # },
1017 # {
1018 # "log_type": "DATA_WRITE",
1019 # "exempted_members": [
1020 # "user:bar@gmail.com"
1021 # ]
1022 # }
1023 # ]
1024 # }
1025 # ]
1026 # }
1027 #
1028 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1029 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
1030 # bar@gmail.com from DATA_WRITE logging.
1031 "exemptedMembers": [
1032 "A String",
1033 ],
1034 "auditLogConfigs": [ # The configuration for logging of each type of permission.
1035 { # Provides the configuration for logging a type of permissions.
1036 # Example:
1037 #
1038 # {
1039 # "audit_log_configs": [
1040 # {
1041 # "log_type": "DATA_READ",
1042 # "exempted_members": [
1043 # "user:foo@gmail.com"
1044 # ]
1045 # },
1046 # {
1047 # "log_type": "DATA_WRITE",
1048 # }
1049 # ]
1050 # }
1051 #
1052 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
1053 # foo@gmail.com from DATA_READ logging.
1054 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
1055 # permission.
1056 # Follows the same format of Binding.members.
1057 "A String",
1058 ],
1059 "logType": "A String", # The log type that this config enables.
1060 },
1061 ],
1062 "service": "A String", # Specifies a service that will be enabled for audit logging.
1063 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1064 # `allServices` is a special value that covers all services.
1065 },
1066 ],
1067 "rules": [ # If more than one rule is specified, the rules are applied in the following
1068 # manner:
1069 # - All matching LOG rules are always applied.
1070 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
1071 # Logging will be applied if one or more matching rule requires logging.
1072 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
1073 # granted.
1074 # Logging will be applied if one or more matching rule requires logging.
1075 # - Otherwise, if no rule applies, permission is denied.
1076 { # A rule to be applied in a Policy.
1077 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
1078 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
1079 # The format for in and not_in entries can be found at in the Local IAM
1080 # documentation (see go/local-iam#features).
1081 "A String",
1082 ],
1083 "description": "A String", # Human-readable description of the rule.
1084 "in": [ # If one or more 'in' clauses are specified, the rule matches if
1085 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
1086 "A String",
1087 ],
1088 "action": "A String", # Required
1089 "conditions": [ # Additional restrictions that must be met. All conditions must pass for the
1090 # rule to match.
1091 { # A condition to be met.
1092 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
1093 # the IAM system for access control.
1094 "iam": "A String", # Trusted attributes supplied by the IAM system.
1095 "values": [ # The objects of the condition.
1096 "A String",
1097 ],
1098 "svc": "A String", # Trusted attributes discharged by the service.
1099 "op": "A String", # An operator to apply the subject with.
1100 },
1101 ],
1102 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
1103 # that match the LOG action.
1104 { # Specifies what kind of log the caller must write
1105 "counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.
1106 #
1107 # Metric names should start with a '/', generally be lowercase-only,
1108 # and end in "_count". Field names should not contain an initial slash.
1109 # The actual exported metric names will have "/iam/policy" prepended.
1110 #
1111 # Field names correspond to IAM request parameters and field values are
1112 # their respective values.
1113 #
1114 # Supported field names:
1115 # - "authority", which is "[token]" if IAMContext.token is present,
1116 # otherwise the value of IAMContext.authority_selector if present, and
1117 # otherwise a representation of IAMContext.principal; or
1118 # - "iam_principal", a representation of IAMContext.principal even if a
1119 # token or authority selector is present; or
1120 # - "" (empty string), resulting in a counter with no fields.
1121 #
1122 # Examples:
1123 # counter { metric: "/debug_access_count" field: "iam_principal" }
1124 # ==> increment counter /iam/policy/backend_debug_access_count
1125 # {iam_principal=[value of IAMContext.principal]}
1126 #
1127 # At this time we do not support multiple field names (though this may be
1128 # supported in the future).
1129 "field": "A String", # The field value to attribute.
1130 "metric": "A String", # The metric to update.
1131 },
1132 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
1133 "logMode": "A String", # Whether Gin logging should happen in a fail-closed manner at the caller.
1134 # This is relevant only in the LocalIAM implementation, for now.
1135 },
1136 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
1137 "logName": "A String", # The log_name to populate in the Cloud Audit Record.
1138 "authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.
1139 "permissionType": "A String", # The type of the permission that was checked.
1140 },
1141 },
1142 },
1143 ],
1144 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
1145 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
1146 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
1147 "A String",
1148 ],
1149 },
1150 ],
1151 "version": 42, # Deprecated.
1152 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1153 # prevent simultaneous updates of a policy from overwriting each other.
1154 # It is strongly suggested that systems make use of the `etag` in the
1155 # read-modify-write cycle to perform policy updates in order to avoid race
1156 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1157 # systems are expected to put that etag in the request to `setIamPolicy` to
1158 # ensure that their change will be applied to the same version of the policy.
1159 #
1160 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
1161 # policy is overwritten blindly.
1162 "bindings": [ # Associates a list of `members` to a `role`.
1163 # `bindings` with no members will result in an error.
1164 { # Associates `members` with a `role`.
1165 "role": "A String", # Role that is assigned to `members`.
1166 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1167 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
1168 # NOTE: An unsatisfied condition will not allow user access via current
1169 # binding. Different bindings, including their conditions, are examined
1170 # independently.
1171 #
1172 # title: "User account presence"
1173 # description: "Determines whether the request has a user account"
1174 # expression: "size(request.user) > 0"
1175 "description": "A String", # An optional description of the expression. This is a longer text which
1176 # describes the expression, e.g. when hovered over it in a UI.
1177 "expression": "A String", # Textual representation of an expression in
1178 # Common Expression Language syntax.
1179 #
1180 # The application context of the containing message determines which
1181 # well-known feature set of CEL is supported.
1182 "location": "A String", # An optional string indicating the location of the expression for error
1183 # reporting, e.g. a file name and a position in the file.
1184 "title": "A String", # An optional title for the expression, i.e. a short string describing
1185 # its purpose. This can be used e.g. in UIs which allow to enter the
1186 # expression.
1187 },
1188 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1189 # `members` can have the following values:
1190 #
1191 # * `allUsers`: A special identifier that represents anyone who is
1192 # on the internet; with or without a Google account.
1193 #
1194 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1195 # who is authenticated with a Google account or a service account.
1196 #
1197 # * `user:{emailid}`: An email address that represents a specific Google
1198 # account. For example, `alice@gmail.com` .
1199 #
1200 #
1201 # * `serviceAccount:{emailid}`: An email address that represents a service
1202 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1203 #
1204 # * `group:{emailid}`: An email address that represents a Google group.
1205 # For example, `admins@example.com`.
1206 #
1207 #
1208 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1209 # users of that domain. For example, `google.com` or `example.com`.
1210 #
1211 "A String",
1212 ],
1213 },
1214 ],
1215 "iamOwned": True or False,
1216 },
1217 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1218 # the fields in the mask will be modified. If no mask is provided, the
1219 # following default mask is used:
1220 # paths: "bindings, etag"
1221 # This field is only used by Cloud IAM.
1222 }
1223
1224 x__xgafv: string, V1 error format.
1225 Allowed values
1226 1 - v1 error format
1227 2 - v2 error format
1228
1229Returns:
1230 An object of the form:
1231
1232 { # Defines an Identity and Access Management (IAM) policy. It is used to
1233 # specify access control policies for Cloud Platform resources.
1234 #
1235 #
1236 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
1237 # `members` to a `role`, where the members can be user accounts, Google groups,
1238 # Google domains, and service accounts. A `role` is a named list of permissions
1239 # defined by IAM.
1240 #
1241 # **JSON Example**
1242 #
1243 # {
1244 # "bindings": [
1245 # {
1246 # "role": "roles/owner",
1247 # "members": [
1248 # "user:mike@example.com",
1249 # "group:admins@example.com",
1250 # "domain:google.com",
1251 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
1252 # ]
1253 # },
1254 # {
1255 # "role": "roles/viewer",
1256 # "members": ["user:sean@example.com"]
1257 # }
1258 # ]
1259 # }
1260 #
1261 # **YAML Example**
1262 #
1263 # bindings:
1264 # - members:
1265 # - user:mike@example.com
1266 # - group:admins@example.com
1267 # - domain:google.com
1268 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
1269 # role: roles/owner
1270 # - members:
1271 # - user:sean@example.com
1272 # role: roles/viewer
1273 #
1274 #
1275 # For a description of IAM and its features, see the
1276 # [IAM developer's guide](https://cloud.google.com/iam/docs).
1277 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
1278 { # Specifies the audit configuration for a service.
1279 # The configuration determines which permission types are logged, and what
1280 # identities, if any, are exempted from logging.
1281 # An AuditConfig must have one or more AuditLogConfigs.
1282 #
1283 # If there are AuditConfigs for both `allServices` and a specific service,
1284 # the union of the two AuditConfigs is used for that service: the log_types
1285 # specified in each AuditConfig are enabled, and the exempted_members in each
1286 # AuditLogConfig are exempted.
1287 #
1288 # Example Policy with multiple AuditConfigs:
1289 #
1290 # {
1291 # "audit_configs": [
1292 # {
1293 # "service": "allServices"
1294 # "audit_log_configs": [
1295 # {
1296 # "log_type": "DATA_READ",
1297 # "exempted_members": [
1298 # "user:foo@gmail.com"
1299 # ]
1300 # },
1301 # {
1302 # "log_type": "DATA_WRITE",
1303 # },
1304 # {
1305 # "log_type": "ADMIN_READ",
1306 # }
1307 # ]
1308 # },
1309 # {
1310 # "service": "fooservice.googleapis.com"
1311 # "audit_log_configs": [
1312 # {
1313 # "log_type": "DATA_READ",
1314 # },
1315 # {
1316 # "log_type": "DATA_WRITE",
1317 # "exempted_members": [
1318 # "user:bar@gmail.com"
1319 # ]
1320 # }
1321 # ]
1322 # }
1323 # ]
1324 # }
1325 #
1326 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1327 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
1328 # bar@gmail.com from DATA_WRITE logging.
1329 "exemptedMembers": [
1330 "A String",
1331 ],
1332 "auditLogConfigs": [ # The configuration for logging of each type of permission.
1333 { # Provides the configuration for logging a type of permissions.
1334 # Example:
1335 #
1336 # {
1337 # "audit_log_configs": [
1338 # {
1339 # "log_type": "DATA_READ",
1340 # "exempted_members": [
1341 # "user:foo@gmail.com"
1342 # ]
1343 # },
1344 # {
1345 # "log_type": "DATA_WRITE",
1346 # }
1347 # ]
1348 # }
1349 #
1350 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
1351 # foo@gmail.com from DATA_READ logging.
1352 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
1353 # permission.
1354 # Follows the same format of Binding.members.
1355 "A String",
1356 ],
1357 "logType": "A String", # The log type that this config enables.
1358 },
1359 ],
1360 "service": "A String", # Specifies a service that will be enabled for audit logging.
1361 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1362 # `allServices` is a special value that covers all services.
1363 },
1364 ],
1365 "rules": [ # If more than one rule is specified, the rules are applied in the following
1366 # manner:
1367 # - All matching LOG rules are always applied.
1368 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
1369 # Logging will be applied if one or more matching rule requires logging.
1370 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
1371 # granted.
1372 # Logging will be applied if one or more matching rule requires logging.
1373 # - Otherwise, if no rule applies, permission is denied.
1374 { # A rule to be applied in a Policy.
1375 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
1376 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
1377 # The format for in and not_in entries can be found at in the Local IAM
1378 # documentation (see go/local-iam#features).
1379 "A String",
1380 ],
1381 "description": "A String", # Human-readable description of the rule.
1382 "in": [ # If one or more 'in' clauses are specified, the rule matches if
1383 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
1384 "A String",
1385 ],
1386 "action": "A String", # Required
1387 "conditions": [ # Additional restrictions that must be met. All conditions must pass for the
1388 # rule to match.
1389 { # A condition to be met.
1390 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
1391 # the IAM system for access control.
1392 "iam": "A String", # Trusted attributes supplied by the IAM system.
1393 "values": [ # The objects of the condition.
1394 "A String",
1395 ],
1396 "svc": "A String", # Trusted attributes discharged by the service.
1397 "op": "A String", # An operator to apply the subject with.
1398 },
1399 ],
1400 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
1401 # that match the LOG action.
1402 { # Specifies what kind of log the caller must write
1403 "counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.
1404 #
1405 # Metric names should start with a '/', generally be lowercase-only,
1406 # and end in "_count". Field names should not contain an initial slash.
1407 # The actual exported metric names will have "/iam/policy" prepended.
1408 #
1409 # Field names correspond to IAM request parameters and field values are
1410 # their respective values.
1411 #
1412 # Supported field names:
1413 # - "authority", which is "[token]" if IAMContext.token is present,
1414 # otherwise the value of IAMContext.authority_selector if present, and
1415 # otherwise a representation of IAMContext.principal; or
1416 # - "iam_principal", a representation of IAMContext.principal even if a
1417 # token or authority selector is present; or
1418 # - "" (empty string), resulting in a counter with no fields.
1419 #
1420 # Examples:
1421 # counter { metric: "/debug_access_count" field: "iam_principal" }
1422 # ==> increment counter /iam/policy/backend_debug_access_count
1423 # {iam_principal=[value of IAMContext.principal]}
1424 #
1425 # At this time we do not support multiple field names (though this may be
1426 # supported in the future).
1427 "field": "A String", # The field value to attribute.
1428 "metric": "A String", # The metric to update.
1429 },
1430 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
1431 "logMode": "A String", # Whether Gin logging should happen in a fail-closed manner at the caller.
1432 # This is relevant only in the LocalIAM implementation, for now.
1433 },
1434 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
1435 "logName": "A String", # The log_name to populate in the Cloud Audit Record.
1436 "authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.
1437 "permissionType": "A String", # The type of the permission that was checked.
1438 },
1439 },
1440 },
1441 ],
1442 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
1443 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
1444 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
1445 "A String",
1446 ],
1447 },
1448 ],
1449 "version": 42, # Deprecated.
1450 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1451 # prevent simultaneous updates of a policy from overwriting each other.
1452 # It is strongly suggested that systems make use of the `etag` in the
1453 # read-modify-write cycle to perform policy updates in order to avoid race
1454 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1455 # systems are expected to put that etag in the request to `setIamPolicy` to
1456 # ensure that their change will be applied to the same version of the policy.
1457 #
1458 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
1459 # policy is overwritten blindly.
1460 "bindings": [ # Associates a list of `members` to a `role`.
1461 # `bindings` with no members will result in an error.
1462 { # Associates `members` with a `role`.
1463 "role": "A String", # Role that is assigned to `members`.
1464 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1465 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
1466 # NOTE: An unsatisfied condition will not allow user access via current
1467 # binding. Different bindings, including their conditions, are examined
1468 # independently.
1469 #
1470 # title: "User account presence"
1471 # description: "Determines whether the request has a user account"
1472 # expression: "size(request.user) > 0"
1473 "description": "A String", # An optional description of the expression. This is a longer text which
1474 # describes the expression, e.g. when hovered over it in a UI.
1475 "expression": "A String", # Textual representation of an expression in
1476 # Common Expression Language syntax.
1477 #
1478 # The application context of the containing message determines which
1479 # well-known feature set of CEL is supported.
1480 "location": "A String", # An optional string indicating the location of the expression for error
1481 # reporting, e.g. a file name and a position in the file.
1482 "title": "A String", # An optional title for the expression, i.e. a short string describing
1483 # its purpose. This can be used e.g. in UIs which allow to enter the
1484 # expression.
1485 },
1486 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1487 # `members` can have the following values:
1488 #
1489 # * `allUsers`: A special identifier that represents anyone who is
1490 # on the internet; with or without a Google account.
1491 #
1492 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1493 # who is authenticated with a Google account or a service account.
1494 #
1495 # * `user:{emailid}`: An email address that represents a specific Google
1496 # account. For example, `alice@gmail.com` .
1497 #
1498 #
1499 # * `serviceAccount:{emailid}`: An email address that represents a service
1500 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1501 #
1502 # * `group:{emailid}`: An email address that represents a Google group.
1503 # For example, `admins@example.com`.
1504 #
1505 #
1506 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1507 # users of that domain. For example, `google.com` or `example.com`.
1508 #
1509 "A String",
1510 ],
1511 },
1512 ],
1513 "iamOwned": True or False,
1514 }</pre>
1515</div>
1516
1517<div class="method">
1518 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
1519 <pre>Returns permissions that a caller has on the specified resource.
1520If the resource does not exist, this will return an empty set of
1521permissions, not a NOT_FOUND error.
1522
1523Note: This operation is designed to be used for building permission-aware
1524UIs and command-line tools, not for authorization checking. This operation
1525may "fail open" without warning.
1526
1527Args:
1528 resource: string, REQUIRED: The resource for which the policy detail is being requested.
1529See the operation documentation for the appropriate value for this field. (required)
1530 body: object, The request body. (required)
1531 The object takes the form of:
1532
1533{ # Request message for `TestIamPermissions` method.
1534 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
1535 # wildcards (such as '*' or 'storage.*') are not allowed. For more
1536 # information see
1537 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
1538 "A String",
1539 ],
1540 }
1541
1542 x__xgafv: string, V1 error format.
1543 Allowed values
1544 1 - v1 error format
1545 2 - v2 error format
1546
1547Returns:
1548 An object of the form:
1549
1550 { # Response message for `TestIamPermissions` method.
1551 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
1552 # allowed.
1553 "A String",
1554 ],
1555 }</pre>
1556</div>
1557
1558<div class="method">
1559 <code class="details" id="upgrade">upgrade(name, body=None, x__xgafv=None)</code>
1560 <pre>Upgrade a single Data Fusion instance.
1561At the end of an operation instance is fully upgraded.
1562
1563Args:
1564 name: string, Name of the Data Fusion instance which need to be upgraded in the form of
1565projects/{project}/locations/{location}/instances/{instance}
1566Instance will be upgraded with the latest stable version of the Data
1567Fusion. (required)
1568 body: object, The request body.
1569 The object takes the form of:
1570
1571{ # Request message for upgrading a Data Fusion instance.
1572 # To change the instance properties, instance update should be used.
1573 }
1574
1575 x__xgafv: string, V1 error format.
1576 Allowed values
1577 1 - v1 error format
1578 2 - v2 error format
1579
1580Returns:
1581 An object of the form:
1582
1583 { # This resource represents a long-running operation that is the result of a
1584 # network API call.
1585 "metadata": { # Service-specific metadata associated with the operation. It typically
1586 # contains progress information and common metadata such as create time.
1587 # Some services might not provide such metadata. Any method that returns a
1588 # long-running operation should document the metadata type, if any.
1589 "a_key": "", # Properties of the object. Contains field @type with type URL.
1590 },
1591 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
1592 # different programming environments, including REST APIs and RPC APIs. It is
1593 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1594 # three pieces of data: error code, error message, and error details.
1595 #
1596 # You can find out more about this error model and how to work with it in the
1597 # [API Design Guide](https://cloud.google.com/apis/design/errors).
1598 "message": "A String", # A developer-facing error message, which should be in English. Any
1599 # user-facing error message should be localized and sent in the
1600 # google.rpc.Status.details field, or localized by the client.
1601 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
1602 "details": [ # A list of messages that carry the error details. There is a common set of
1603 # message types for APIs to use.
1604 {
1605 "a_key": "", # Properties of the object. Contains field @type with type URL.
1606 },
1607 ],
1608 },
1609 "done": True or False, # If the value is `false`, it means the operation is still in progress.
1610 # If `true`, the operation is completed, and either `error` or `response` is
1611 # available.
1612 "response": { # The normal response of the operation in case of success. If the original
1613 # method returns no data on success, such as `Delete`, the response is
1614 # `google.protobuf.Empty`. If the original method is standard
1615 # `Get`/`Create`/`Update`, the response should be the resource. For other
1616 # methods, the response should have the type `XxxResponse`, where `Xxx`
1617 # is the original method name. For example, if the original method name
1618 # is `TakeSnapshot()`, the inferred response type is
1619 # `TakeSnapshotResponse`.
1620 "a_key": "", # Properties of the object. Contains field @type with type URL.
1621 },
1622 "name": "A String", # The server-assigned name, which is only unique within the same service that
1623 # originally returns it. If you use the default HTTP mapping, the
1624 # `name` should be a resource name ending with `operations/{unique_id}`.
1625 }</pre>
1626</div>
1627
1628</body></html>