docs/dyn/cloudidentity_v1.groups.html

<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="cloudidentity_v1.html">Cloud Identity API</a> . <a href="cloudidentity_v1.groups.html">groups</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="cloudidentity_v1.groups.memberships.html">memberships()</a></code>
</p>
<p class="firstline">Returns the memberships Resource.</p>

<p class="toc_element">
  <code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
  <code><a href="#create">create(body=None, initialGroupConfig=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a Group.</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a `Group`.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Retrieves a `Group`.</p>
<p class="toc_element">
  <code><a href="#getSecuritySettings">getSecuritySettings(name, readMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Get Security Settings</p>
<p class="toc_element">
  <code><a href="#list">list(pageSize=None, pageToken=None, parent=None, view=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists the `Group` resources under a customer or namespace.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#lookup">lookup(groupKey_id=None, groupKey_namespace=None, x__xgafv=None)</a></code></p>
<p class="firstline">Looks up the [resource name](https://cloud.google.com/apis/design/resource_names) of a `Group` by its `EntityKey`.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates a `Group`.</p>
<p class="toc_element">
  <code><a href="#search">search(pageSize=None, pageToken=None, query=None, view=None, x__xgafv=None)</a></code></p>
<p class="firstline">Searches for `Group` resources matching a specified query.</p>
<p class="toc_element">
  <code><a href="#search_next">search_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#updateSecuritySettings">updateSecuritySettings(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Update Security Settings</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="close">close()</code>
  <pre>Close httplib2 connections.</pre>
</div>

<div class="method">
    <code class="details" id="create">create(body=None, initialGroupConfig=None, x__xgafv=None)</code>
  <pre>Creates a Group.

Args:
  body: object, The request body.
    The object takes the form of:

{ # A group within the Cloud Identity Groups API. A `Group` is a collection of entities, where each entity is either a user, another group, or a service account.
  &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was created.
  &quot;description&quot;: &quot;A String&quot;, # An extended description to help users determine the purpose of a `Group`. Must not be longer than 4,096 characters.
  &quot;displayName&quot;: &quot;A String&quot;, # The display name of the `Group`.
  &quot;dynamicGroupMetadata&quot;: { # Dynamic group metadata like queries and status. # Optional. Dynamic group metadata like queries and status.
    &quot;queries&quot;: [ # Memberships will be the union of all queries. Only one entry with USER resource is currently supported. Customers can create up to 100 dynamic groups.
      { # Defines a query on a resource.
        &quot;query&quot;: &quot;A String&quot;, # Query that determines the memberships of the dynamic group. Examples: All users with at least one `organizations.department` of engineering. `user.organizations.exists(org, org.department==&#x27;engineering&#x27;)` All users with at least one location that has `area` of `foo` and `building_id` of `bar`. `user.locations.exists(loc, loc.area==&#x27;foo&#x27; &amp;&amp; loc.building_id==&#x27;bar&#x27;)` All users with any variation of the name John Doe (case-insensitive queries add `equalsIgnoreCase()` to the value being queried). `user.name.value.equalsIgnoreCase(&#x27;jOhn DoE&#x27;)`
        &quot;resourceType&quot;: &quot;A String&quot;, # Resource type for the Dynamic Group Query
      },
    ],
    &quot;status&quot;: { # The current status of a dynamic group along with timestamp. # Output only. Status of the dynamic group.
      &quot;status&quot;: &quot;A String&quot;, # Status of the dynamic group.
      &quot;statusTime&quot;: &quot;A String&quot;, # The latest time at which the dynamic group is guaranteed to be in the given status. If status is `UP_TO_DATE`, the latest time at which the dynamic group was confirmed to be up-to-date. If status is `UPDATING_MEMBERSHIPS`, the time at which dynamic group was created.
    },
  },
  &quot;groupKey&quot;: { # A unique identifier for an entity in the Cloud Identity Groups API. An entity can represent either a group with an optional `namespace` or a user without a `namespace`. The combination of `id` and `namespace` must be unique; however, the same `id` can be used with different `namespace`s. # Required. Immutable. The `EntityKey` of the `Group`.
    &quot;id&quot;: &quot;A String&quot;, # The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source&#x27;s requirements. Must be unique within a `namespace`.
    &quot;namespace&quot;: &quot;A String&quot;, # The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`.
  },
  &quot;labels&quot;: { # Required. One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value.
    &quot;a_key&quot;: &quot;A String&quot;,
  },
  &quot;name&quot;: &quot;A String&quot;, # Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`.
  &quot;parent&quot;: &quot;A String&quot;, # Required. Immutable. The resource name of the entity under which this `Group` resides in the Cloud Identity resource hierarchy. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer}` for Google Groups. The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
  &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was last updated.
}

  initialGroupConfig: string, Optional. The initial configuration option for the `Group`.
    Allowed values
      INITIAL_GROUP_CONFIG_UNSPECIFIED - Default. Should not be used.
      WITH_INITIAL_OWNER - The end user making the request will be added as the initial owner of the `Group`.
      EMPTY - An empty group is created without any initial owners. This can only be used by admins of the domain.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
  <pre>Deletes a `Group`.

Args:
  name: string, Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group` to retrieve. Must be of the form `groups/{group}`. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Retrieves a `Group`.

Args:
  name: string, Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group` to retrieve. Must be of the form `groups/{group}`. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A group within the Cloud Identity Groups API. A `Group` is a collection of entities, where each entity is either a user, another group, or a service account.
  &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was created.
  &quot;description&quot;: &quot;A String&quot;, # An extended description to help users determine the purpose of a `Group`. Must not be longer than 4,096 characters.
  &quot;displayName&quot;: &quot;A String&quot;, # The display name of the `Group`.
  &quot;dynamicGroupMetadata&quot;: { # Dynamic group metadata like queries and status. # Optional. Dynamic group metadata like queries and status.
    &quot;queries&quot;: [ # Memberships will be the union of all queries. Only one entry with USER resource is currently supported. Customers can create up to 100 dynamic groups.
      { # Defines a query on a resource.
        &quot;query&quot;: &quot;A String&quot;, # Query that determines the memberships of the dynamic group. Examples: All users with at least one `organizations.department` of engineering. `user.organizations.exists(org, org.department==&#x27;engineering&#x27;)` All users with at least one location that has `area` of `foo` and `building_id` of `bar`. `user.locations.exists(loc, loc.area==&#x27;foo&#x27; &amp;&amp; loc.building_id==&#x27;bar&#x27;)` All users with any variation of the name John Doe (case-insensitive queries add `equalsIgnoreCase()` to the value being queried). `user.name.value.equalsIgnoreCase(&#x27;jOhn DoE&#x27;)`
        &quot;resourceType&quot;: &quot;A String&quot;, # Resource type for the Dynamic Group Query
      },
    ],
    &quot;status&quot;: { # The current status of a dynamic group along with timestamp. # Output only. Status of the dynamic group.
      &quot;status&quot;: &quot;A String&quot;, # Status of the dynamic group.
      &quot;statusTime&quot;: &quot;A String&quot;, # The latest time at which the dynamic group is guaranteed to be in the given status. If status is `UP_TO_DATE`, the latest time at which the dynamic group was confirmed to be up-to-date. If status is `UPDATING_MEMBERSHIPS`, the time at which dynamic group was created.
    },
  },
  &quot;groupKey&quot;: { # A unique identifier for an entity in the Cloud Identity Groups API. An entity can represent either a group with an optional `namespace` or a user without a `namespace`. The combination of `id` and `namespace` must be unique; however, the same `id` can be used with different `namespace`s. # Required. Immutable. The `EntityKey` of the `Group`.
    &quot;id&quot;: &quot;A String&quot;, # The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source&#x27;s requirements. Must be unique within a `namespace`.
    &quot;namespace&quot;: &quot;A String&quot;, # The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`.
  },
  &quot;labels&quot;: { # Required. One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value.
    &quot;a_key&quot;: &quot;A String&quot;,
  },
  &quot;name&quot;: &quot;A String&quot;, # Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`.
  &quot;parent&quot;: &quot;A String&quot;, # Required. Immutable. The resource name of the entity under which this `Group` resides in the Cloud Identity resource hierarchy. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer}` for Google Groups. The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
  &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was last updated.
}</pre>
</div>

<div class="method">
    <code class="details" id="getSecuritySettings">getSecuritySettings(name, readMask=None, x__xgafv=None)</code>
  <pre>Get Security Settings

Args:
  name: string, Required. The security settings to retrieve. Format: `groups/{group_id}/securitySettings` (required)
  readMask: string, Field-level read mask of which fields to return. &quot;*&quot; returns all fields. If not specified, all fields will be returned. May only contain the following field: `member_restriction`.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The definition of security settings.
  &quot;memberRestriction&quot;: { # The definition of MemberRestriction # The Member Restriction value
    &quot;evaluation&quot;: { # The evaluated state of this restriction. # The evaluated state of this restriction on a group.
      &quot;state&quot;: &quot;A String&quot;, # Output only. The current state of the restriction
    },
    &quot;query&quot;: &quot;A String&quot;, # Member Restriction as defined by CEL expression. Supported restrictions are: `member.customer_id` and `member.type`. Valid values for `member.type` are `1`, `2` and `3`. They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively. The value for `member.customer_id` only supports `groupCustomerId()` currently which means the customer id of the group will be used for restriction. Supported operators are `&amp;&amp;`, `||` and `==`, corresponding to AND, OR, and EQUAL. Examples: Allow only service accounts of given customer to be members. `member.type == 2 &amp;&amp; member.customer_id == groupCustomerId()` Allow only users or groups to be members. `member.type == 1 || member.type == 3`
  },
  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the security settings. Shall be of the form `groups/{group_id}/securitySettings`.
}</pre>
</div>

<div class="method">
    <code class="details" id="list">list(pageSize=None, pageToken=None, parent=None, view=None, x__xgafv=None)</code>
  <pre>Lists the `Group` resources under a customer or namespace.

Args:
  pageSize: integer, The maximum number of results to return. Note that the number of results returned may be less than this value even if there are more available results. To fetch all results, clients must continue calling this method repeatedly until the response no longer contains a `next_page_token`. If unspecified, defaults to 200 for `View.BASIC` and to 50 for `View.FULL`. Must not be greater than 1000 for `View.BASIC` or 500 for `View.FULL`.
  pageToken: string, The `next_page_token` value returned from a previous list request, if any.
  parent: string, Required. The parent resource under which to list all `Group` resources. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer}` for Google Groups. The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
  view: string, The level of detail to be returned. If unspecified, defaults to `View.BASIC`.
    Allowed values
      VIEW_UNSPECIFIED - Default. Should not be used.
      BASIC - Only basic resource information is returned.
      FULL - All resource information is returned.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for ListGroups operation.
  &quot;groups&quot;: [ # Groups returned in response to list request. The results are not sorted.
    { # A group within the Cloud Identity Groups API. A `Group` is a collection of entities, where each entity is either a user, another group, or a service account.
      &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was created.
      &quot;description&quot;: &quot;A String&quot;, # An extended description to help users determine the purpose of a `Group`. Must not be longer than 4,096 characters.
      &quot;displayName&quot;: &quot;A String&quot;, # The display name of the `Group`.
      &quot;dynamicGroupMetadata&quot;: { # Dynamic group metadata like queries and status. # Optional. Dynamic group metadata like queries and status.
        &quot;queries&quot;: [ # Memberships will be the union of all queries. Only one entry with USER resource is currently supported. Customers can create up to 100 dynamic groups.
          { # Defines a query on a resource.
            &quot;query&quot;: &quot;A String&quot;, # Query that determines the memberships of the dynamic group. Examples: All users with at least one `organizations.department` of engineering. `user.organizations.exists(org, org.department==&#x27;engineering&#x27;)` All users with at least one location that has `area` of `foo` and `building_id` of `bar`. `user.locations.exists(loc, loc.area==&#x27;foo&#x27; &amp;&amp; loc.building_id==&#x27;bar&#x27;)` All users with any variation of the name John Doe (case-insensitive queries add `equalsIgnoreCase()` to the value being queried). `user.name.value.equalsIgnoreCase(&#x27;jOhn DoE&#x27;)`
            &quot;resourceType&quot;: &quot;A String&quot;, # Resource type for the Dynamic Group Query
          },
        ],
        &quot;status&quot;: { # The current status of a dynamic group along with timestamp. # Output only. Status of the dynamic group.
          &quot;status&quot;: &quot;A String&quot;, # Status of the dynamic group.
          &quot;statusTime&quot;: &quot;A String&quot;, # The latest time at which the dynamic group is guaranteed to be in the given status. If status is `UP_TO_DATE`, the latest time at which the dynamic group was confirmed to be up-to-date. If status is `UPDATING_MEMBERSHIPS`, the time at which dynamic group was created.
        },
      },
      &quot;groupKey&quot;: { # A unique identifier for an entity in the Cloud Identity Groups API. An entity can represent either a group with an optional `namespace` or a user without a `namespace`. The combination of `id` and `namespace` must be unique; however, the same `id` can be used with different `namespace`s. # Required. Immutable. The `EntityKey` of the `Group`.
        &quot;id&quot;: &quot;A String&quot;, # The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source&#x27;s requirements. Must be unique within a `namespace`.
        &quot;namespace&quot;: &quot;A String&quot;, # The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`.
      },
      &quot;labels&quot;: { # Required. One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value.
        &quot;a_key&quot;: &quot;A String&quot;,
      },
      &quot;name&quot;: &quot;A String&quot;, # Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`.
      &quot;parent&quot;: &quot;A String&quot;, # Required. Immutable. The resource name of the entity under which this `Group` resides in the Cloud Identity resource hierarchy. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer}` for Google Groups. The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
      &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was last updated.
    },
  ],
  &quot;nextPageToken&quot;: &quot;A String&quot;, # Token to retrieve the next page of results, or empty if there are no more results available for listing.
}</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call &#x27;execute()&#x27; on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="lookup">lookup(groupKey_id=None, groupKey_namespace=None, x__xgafv=None)</code>
  <pre>Looks up the [resource name](https://cloud.google.com/apis/design/resource_names) of a `Group` by its `EntityKey`.

Args:
  groupKey_id: string, The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source&#x27;s requirements. Must be unique within a `namespace`.
  groupKey_namespace: string, The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The response message for GroupsService.LookupGroupName.
  &quot;name&quot;: &quot;A String&quot;, # The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up `Group`.
}</pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
  <pre>Updates a `Group`.

Args:
  name: string, Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`. (required)
  body: object, The request body.
    The object takes the form of:

{ # A group within the Cloud Identity Groups API. A `Group` is a collection of entities, where each entity is either a user, another group, or a service account.
  &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was created.
  &quot;description&quot;: &quot;A String&quot;, # An extended description to help users determine the purpose of a `Group`. Must not be longer than 4,096 characters.
  &quot;displayName&quot;: &quot;A String&quot;, # The display name of the `Group`.
  &quot;dynamicGroupMetadata&quot;: { # Dynamic group metadata like queries and status. # Optional. Dynamic group metadata like queries and status.
    &quot;queries&quot;: [ # Memberships will be the union of all queries. Only one entry with USER resource is currently supported. Customers can create up to 100 dynamic groups.
      { # Defines a query on a resource.
        &quot;query&quot;: &quot;A String&quot;, # Query that determines the memberships of the dynamic group. Examples: All users with at least one `organizations.department` of engineering. `user.organizations.exists(org, org.department==&#x27;engineering&#x27;)` All users with at least one location that has `area` of `foo` and `building_id` of `bar`. `user.locations.exists(loc, loc.area==&#x27;foo&#x27; &amp;&amp; loc.building_id==&#x27;bar&#x27;)` All users with any variation of the name John Doe (case-insensitive queries add `equalsIgnoreCase()` to the value being queried). `user.name.value.equalsIgnoreCase(&#x27;jOhn DoE&#x27;)`
        &quot;resourceType&quot;: &quot;A String&quot;, # Resource type for the Dynamic Group Query
      },
    ],
    &quot;status&quot;: { # The current status of a dynamic group along with timestamp. # Output only. Status of the dynamic group.
      &quot;status&quot;: &quot;A String&quot;, # Status of the dynamic group.
      &quot;statusTime&quot;: &quot;A String&quot;, # The latest time at which the dynamic group is guaranteed to be in the given status. If status is `UP_TO_DATE`, the latest time at which the dynamic group was confirmed to be up-to-date. If status is `UPDATING_MEMBERSHIPS`, the time at which dynamic group was created.
    },
  },
  &quot;groupKey&quot;: { # A unique identifier for an entity in the Cloud Identity Groups API. An entity can represent either a group with an optional `namespace` or a user without a `namespace`. The combination of `id` and `namespace` must be unique; however, the same `id` can be used with different `namespace`s. # Required. Immutable. The `EntityKey` of the `Group`.
    &quot;id&quot;: &quot;A String&quot;, # The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source&#x27;s requirements. Must be unique within a `namespace`.
    &quot;namespace&quot;: &quot;A String&quot;, # The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`.
  },
  &quot;labels&quot;: { # Required. One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value.
    &quot;a_key&quot;: &quot;A String&quot;,
  },
  &quot;name&quot;: &quot;A String&quot;, # Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`.
  &quot;parent&quot;: &quot;A String&quot;, # Required. Immutable. The resource name of the entity under which this `Group` resides in the Cloud Identity resource hierarchy. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer}` for Google Groups. The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
  &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was last updated.
}

  updateMask: string, Required. The names of fields to update. May only contain the following field names: `display_name`, `description`, `labels`.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="search">search(pageSize=None, pageToken=None, query=None, view=None, x__xgafv=None)</code>
  <pre>Searches for `Group` resources matching a specified query.

Args:
  pageSize: integer, The maximum number of results to return. Note that the number of results returned may be less than this value even if there are more available results. To fetch all results, clients must continue calling this method repeatedly until the response no longer contains a `next_page_token`. If unspecified, defaults to 200 for `GroupView.BASIC` and 50 for `GroupView.FULL`. Must not be greater than 1000 for `GroupView.BASIC` or 500 for `GroupView.FULL`.
  pageToken: string, The `next_page_token` value returned from a previous search request, if any.
  query: string, Required. The search query. Must be specified in [Common Expression Language](https://opensource.google/projects/cel). May only contain equality operators on the parent and inclusion operators on labels (e.g., `parent == &#x27;customers/{customer}&#x27; &amp;&amp; &#x27;cloudidentity.googleapis.com/groups.discussion_forum&#x27; in labels`). The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
  view: string, The level of detail to be returned. If unspecified, defaults to `View.BASIC`.
    Allowed values
      VIEW_UNSPECIFIED - Default. Should not be used.
      BASIC - Only basic resource information is returned.
      FULL - All resource information is returned.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The response message for GroupsService.SearchGroups.
  &quot;groups&quot;: [ # The `Group` resources that match the search query.
    { # A group within the Cloud Identity Groups API. A `Group` is a collection of entities, where each entity is either a user, another group, or a service account.
      &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was created.
      &quot;description&quot;: &quot;A String&quot;, # An extended description to help users determine the purpose of a `Group`. Must not be longer than 4,096 characters.
      &quot;displayName&quot;: &quot;A String&quot;, # The display name of the `Group`.
      &quot;dynamicGroupMetadata&quot;: { # Dynamic group metadata like queries and status. # Optional. Dynamic group metadata like queries and status.
        &quot;queries&quot;: [ # Memberships will be the union of all queries. Only one entry with USER resource is currently supported. Customers can create up to 100 dynamic groups.
          { # Defines a query on a resource.
            &quot;query&quot;: &quot;A String&quot;, # Query that determines the memberships of the dynamic group. Examples: All users with at least one `organizations.department` of engineering. `user.organizations.exists(org, org.department==&#x27;engineering&#x27;)` All users with at least one location that has `area` of `foo` and `building_id` of `bar`. `user.locations.exists(loc, loc.area==&#x27;foo&#x27; &amp;&amp; loc.building_id==&#x27;bar&#x27;)` All users with any variation of the name John Doe (case-insensitive queries add `equalsIgnoreCase()` to the value being queried). `user.name.value.equalsIgnoreCase(&#x27;jOhn DoE&#x27;)`
            &quot;resourceType&quot;: &quot;A String&quot;, # Resource type for the Dynamic Group Query
          },
        ],
        &quot;status&quot;: { # The current status of a dynamic group along with timestamp. # Output only. Status of the dynamic group.
          &quot;status&quot;: &quot;A String&quot;, # Status of the dynamic group.
          &quot;statusTime&quot;: &quot;A String&quot;, # The latest time at which the dynamic group is guaranteed to be in the given status. If status is `UP_TO_DATE`, the latest time at which the dynamic group was confirmed to be up-to-date. If status is `UPDATING_MEMBERSHIPS`, the time at which dynamic group was created.
        },
      },
      &quot;groupKey&quot;: { # A unique identifier for an entity in the Cloud Identity Groups API. An entity can represent either a group with an optional `namespace` or a user without a `namespace`. The combination of `id` and `namespace` must be unique; however, the same `id` can be used with different `namespace`s. # Required. Immutable. The `EntityKey` of the `Group`.
        &quot;id&quot;: &quot;A String&quot;, # The ID of the entity. For Google-managed entities, the `id` should be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source&#x27;s requirements. Must be unique within a `namespace`.
        &quot;namespace&quot;: &quot;A String&quot;, # The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source}`.
      },
      &quot;labels&quot;: { # Required. One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. Google Groups are the default type of group and have a label with a key of `cloudidentity.googleapis.com/groups.discussion_forum` and an empty value. Existing Google Groups can have an additional label with a key of `cloudidentity.googleapis.com/groups.security` and an empty value added to them. **This is an immutable change and the security label cannot be removed once added.** Dynamic groups have a label with a key of `cloudidentity.googleapis.com/groups.dynamic`. Identity-mapped groups for Cloud Search have a label with a key of `system/groups/external` and an empty value.
        &quot;a_key&quot;: &quot;A String&quot;,
      },
      &quot;name&quot;: &quot;A String&quot;, # Output only. The [resource name](https://cloud.google.com/apis/design/resource_names) of the `Group`. Shall be of the form `groups/{group}`.
      &quot;parent&quot;: &quot;A String&quot;, # Required. Immutable. The resource name of the entity under which this `Group` resides in the Cloud Identity resource hierarchy. Must be of the form `identitysources/{identity_source}` for external- identity-mapped groups or `customers/{customer}` for Google Groups. The `customer` must begin with &quot;C&quot; (for example, &#x27;C046psxkn&#x27;).
      &quot;updateTime&quot;: &quot;A String&quot;, # Output only. The time when the `Group` was last updated.
    },
  ],
  &quot;nextPageToken&quot;: &quot;A String&quot;, # A continuation token to retrieve the next page of results, or empty if there are no more results available.
}</pre>
</div>

<div class="method">
    <code class="details" id="search_next">search_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call &#x27;execute()&#x27; on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="updateSecuritySettings">updateSecuritySettings(name, body=None, updateMask=None, x__xgafv=None)</code>
  <pre>Update Security Settings

Args:
  name: string, Output only. The resource name of the security settings. Shall be of the form `groups/{group_id}/securitySettings`. (required)
  body: object, The request body.
    The object takes the form of:

{ # The definition of security settings.
  &quot;memberRestriction&quot;: { # The definition of MemberRestriction # The Member Restriction value
    &quot;evaluation&quot;: { # The evaluated state of this restriction. # The evaluated state of this restriction on a group.
      &quot;state&quot;: &quot;A String&quot;, # Output only. The current state of the restriction
    },
    &quot;query&quot;: &quot;A String&quot;, # Member Restriction as defined by CEL expression. Supported restrictions are: `member.customer_id` and `member.type`. Valid values for `member.type` are `1`, `2` and `3`. They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively. The value for `member.customer_id` only supports `groupCustomerId()` currently which means the customer id of the group will be used for restriction. Supported operators are `&amp;&amp;`, `||` and `==`, corresponding to AND, OR, and EQUAL. Examples: Allow only service accounts of given customer to be members. `member.type == 2 &amp;&amp; member.customer_id == groupCustomerId()` Allow only users or groups to be members. `member.type == 1 || member.type == 3`
  },
  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the security settings. Shall be of the form `groups/{group_id}/securitySettings`.
}

  updateMask: string, Required. The fully-qualified names of fields to update. May only contain the following field: `member_restriction.query`.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
  &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  &quot;response&quot;: { # The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
  },
}</pre>
</div>

</body></html>