docs/dyn/accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html

<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="accesscontextmanager_v1beta.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1beta.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1beta.accessPolicies.servicePerimeters.html">servicePerimeters</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Create a Service Perimeter. The</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Delete a Service Perimeter by resource</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Get a Service Perimeter by resource</p>
<p class="toc_element">
  <code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
<p class="firstline">List all Service Perimeters for an</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Update a Service Perimeter. The</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
  <pre>Create a Service Perimeter. The
longrunning operation from this RPC will have a successful status once the
Service Perimeter has
propagated to long-lasting storage. Service Perimeters containing
errors will result in an error response for the first error encountered.

Args:
  parent: string, Required. Resource name for the access policy which owns this Service
Perimeter.

Format: `accessPolicies/{policy_id}` (required)
  body: object, The request body.
    The object takes the form of:

{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
      # import and export data amongst themselves, but not export outside of the
      # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
      # has a target outside of the `ServicePerimeter`, the request will be blocked.
      # Otherwise the request is allowed. There are two types of Service Perimeter -
      # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
      # Google Cloud project can only belong to a single regular Service Perimeter.
      # Service Perimeter Bridges can contain only Google Cloud projects as members,
      # a single Google Cloud project may belong to multiple Service Perimeter
      # Bridges.
    &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
        # restricted/unrestricted services and access levels that determine perimeter
        # content and boundaries.
        # describe specific Service Perimeter configuration.
      &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter
          # restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;.
          #
          # The wildcard means that unless explicitly specified by
          # &quot;restricted_services&quot; list, any service is treated as unrestricted.
        &quot;A String&quot;,
      ],
      &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the
          # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
          # must be in the same policy as this `ServicePerimeter`. Referencing a
          # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
          # listed, resources within the perimeter can only be accessed via Google
          # Cloud calls with request origins within the perimeter. Example:
          # `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`.
          # For Service Perimeter Bridge, must be empty.
        &quot;A String&quot;,
      ],
      &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter.
          # Currently only projects are allowed. Format: `projects/{project_number}`
        &quot;A String&quot;,
      ],
      &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter
          # restrictions. Must contain a list of services. For example, if
          # `storage.googleapis.com` is specified, access to the storage buckets
          # inside the perimeter must meet the perimeter&#x27;s access restrictions.
        &quot;A String&quot;,
      ],
      &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
          # Perimeter.
        &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty
            # unless &#x27;enable_restriction&#x27; is True.
          &quot;A String&quot;,
        ],
        &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of
            # APIs specified in &#x27;allowed_services&#x27;.
      },
    },
    &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is
        # allowed to be a member of single regular perimeter, but multiple service
        # perimeter bridges. A project cannot be a included in a perimeter bridge
        # without being included in regular perimeter. For perimeter bridges,
        # restricted/unrestricted service lists as well as access lists must be
        # empty.
    &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
    &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect
        # behavior.
    &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the ServicePerimeter.  The `short_name`
        # component must begin with a letter and only include alphanumeric and &#x27;_&#x27;.
        # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata.  Any method that returns a
        # long-running operation should document the metadata type, if any.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`.  If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource.  For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name.  For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
          # message types for APIs to use.
        {
          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
        },
      ],
      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    },
    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
  }</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
  <pre>Delete a Service Perimeter by resource
name. The longrunning operation from this RPC will have a successful status
once the Service Perimeter has been
removed from long-lasting storage.

Args:
  name: string, Required. Resource name for the Service Perimeter.

Format:
`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata.  Any method that returns a
        # long-running operation should document the metadata type, if any.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`.  If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource.  For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name.  For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
          # message types for APIs to use.
        {
          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
        },
      ],
      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    },
    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
  }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Get a Service Perimeter by resource
name.

Args:
  name: string, Required. Resource name for the Service Perimeter.

Format:
`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # `ServicePerimeter` describes a set of Google Cloud resources which can freely
        # import and export data amongst themselves, but not export outside of the
        # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
        # has a target outside of the `ServicePerimeter`, the request will be blocked.
        # Otherwise the request is allowed. There are two types of Service Perimeter -
        # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
        # Google Cloud project can only belong to a single regular Service Perimeter.
        # Service Perimeter Bridges can contain only Google Cloud projects as members,
        # a single Google Cloud project may belong to multiple Service Perimeter
        # Bridges.
      &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
          # restricted/unrestricted services and access levels that determine perimeter
          # content and boundaries.
          # describe specific Service Perimeter configuration.
        &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter
            # restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;.
            #
            # The wildcard means that unless explicitly specified by
            # &quot;restricted_services&quot; list, any service is treated as unrestricted.
          &quot;A String&quot;,
        ],
        &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the
            # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
            # must be in the same policy as this `ServicePerimeter`. Referencing a
            # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
            # listed, resources within the perimeter can only be accessed via Google
            # Cloud calls with request origins within the perimeter. Example:
            # `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`.
            # For Service Perimeter Bridge, must be empty.
          &quot;A String&quot;,
        ],
        &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter.
            # Currently only projects are allowed. Format: `projects/{project_number}`
          &quot;A String&quot;,
        ],
        &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter
            # restrictions. Must contain a list of services. For example, if
            # `storage.googleapis.com` is specified, access to the storage buckets
            # inside the perimeter must meet the perimeter&#x27;s access restrictions.
          &quot;A String&quot;,
        ],
        &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
            # Perimeter.
          &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty
              # unless &#x27;enable_restriction&#x27; is True.
            &quot;A String&quot;,
          ],
          &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of
              # APIs specified in &#x27;allowed_services&#x27;.
        },
      },
      &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is
          # allowed to be a member of single regular perimeter, but multiple service
          # perimeter bridges. A project cannot be a included in a perimeter bridge
          # without being included in regular perimeter. For perimeter bridges,
          # restricted/unrestricted service lists as well as access lists must be
          # empty.
      &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
      &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect
          # behavior.
      &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the ServicePerimeter.  The `short_name`
          # component must begin with a letter and only include alphanumeric and &#x27;_&#x27;.
          # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
    }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code>
  <pre>List all Service Perimeters for an
access policy.

Args:
  parent: string, Required. Resource name for the access policy to list Service Perimeters from.

Format:
`accessPolicies/{policy_id}` (required)
  pageToken: string, Next page token for the next batch of Service Perimeter instances.
Defaults to the first page of results.
  pageSize: integer, Number of Service Perimeters to include
in the list. Default 100.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A response to `ListServicePerimetersRequest`.
    &quot;servicePerimeters&quot;: [ # List of the Service Perimeter instances.
      { # `ServicePerimeter` describes a set of Google Cloud resources which can freely
            # import and export data amongst themselves, but not export outside of the
            # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
            # has a target outside of the `ServicePerimeter`, the request will be blocked.
            # Otherwise the request is allowed. There are two types of Service Perimeter -
            # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
            # Google Cloud project can only belong to a single regular Service Perimeter.
            # Service Perimeter Bridges can contain only Google Cloud projects as members,
            # a single Google Cloud project may belong to multiple Service Perimeter
            # Bridges.
          &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
              # restricted/unrestricted services and access levels that determine perimeter
              # content and boundaries.
              # describe specific Service Perimeter configuration.
            &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter
                # restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;.
                #
                # The wildcard means that unless explicitly specified by
                # &quot;restricted_services&quot; list, any service is treated as unrestricted.
              &quot;A String&quot;,
            ],
            &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the
                # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
                # must be in the same policy as this `ServicePerimeter`. Referencing a
                # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
                # listed, resources within the perimeter can only be accessed via Google
                # Cloud calls with request origins within the perimeter. Example:
                # `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`.
                # For Service Perimeter Bridge, must be empty.
              &quot;A String&quot;,
            ],
            &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter.
                # Currently only projects are allowed. Format: `projects/{project_number}`
              &quot;A String&quot;,
            ],
            &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter
                # restrictions. Must contain a list of services. For example, if
                # `storage.googleapis.com` is specified, access to the storage buckets
                # inside the perimeter must meet the perimeter&#x27;s access restrictions.
              &quot;A String&quot;,
            ],
            &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
                # Perimeter.
              &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty
                  # unless &#x27;enable_restriction&#x27; is True.
                &quot;A String&quot;,
              ],
              &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of
                  # APIs specified in &#x27;allowed_services&#x27;.
            },
          },
          &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is
              # allowed to be a member of single regular perimeter, but multiple service
              # perimeter bridges. A project cannot be a included in a perimeter bridge
              # without being included in regular perimeter. For perimeter bridges,
              # restricted/unrestricted service lists as well as access lists must be
              # empty.
          &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
          &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect
              # behavior.
          &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the ServicePerimeter.  The `short_name`
              # component must begin with a letter and only include alphanumeric and &#x27;_&#x27;.
              # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
        },
    ],
    &quot;nextPageToken&quot;: &quot;A String&quot;, # The pagination token to retrieve the next page of results. If the value is
        # empty, no further results remain.
  }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call &#x27;execute()&#x27; on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
  <pre>Update a Service Perimeter. The
longrunning operation from this RPC will have a successful status once the
changes to the Service Perimeter have
propagated to long-lasting storage. Service Perimeter containing
errors will result in an error response for the first error encountered.

Args:
  name: string, Required. Resource name for the ServicePerimeter.  The `short_name`
component must begin with a letter and only include alphanumeric and &#x27;_&#x27;.
Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` (required)
  body: object, The request body.
    The object takes the form of:

{ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
      # import and export data amongst themselves, but not export outside of the
      # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
      # has a target outside of the `ServicePerimeter`, the request will be blocked.
      # Otherwise the request is allowed. There are two types of Service Perimeter -
      # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
      # Google Cloud project can only belong to a single regular Service Perimeter.
      # Service Perimeter Bridges can contain only Google Cloud projects as members,
      # a single Google Cloud project may belong to multiple Service Perimeter
      # Bridges.
    &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
        # restricted/unrestricted services and access levels that determine perimeter
        # content and boundaries.
        # describe specific Service Perimeter configuration.
      &quot;unrestrictedServices&quot;: [ # Google Cloud services that are not subject to the Service Perimeter
          # restrictions. Deprecated. Must be set to a single wildcard &quot;*&quot;.
          #
          # The wildcard means that unless explicitly specified by
          # &quot;restricted_services&quot; list, any service is treated as unrestricted.
        &quot;A String&quot;,
      ],
      &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the
          # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
          # must be in the same policy as this `ServicePerimeter`. Referencing a
          # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
          # listed, resources within the perimeter can only be accessed via Google
          # Cloud calls with request origins within the perimeter. Example:
          # `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`.
          # For Service Perimeter Bridge, must be empty.
        &quot;A String&quot;,
      ],
      &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter.
          # Currently only projects are allowed. Format: `projects/{project_number}`
        &quot;A String&quot;,
      ],
      &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter
          # restrictions. Must contain a list of services. For example, if
          # `storage.googleapis.com` is specified, access to the storage buckets
          # inside the perimeter must meet the perimeter&#x27;s access restrictions.
        &quot;A String&quot;,
      ],
      &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service # Beta. Configuration for APIs allowed within Perimeter.
          # Perimeter.
        &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty
            # unless &#x27;enable_restriction&#x27; is True.
          &quot;A String&quot;,
        ],
        &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of
            # APIs specified in &#x27;allowed_services&#x27;.
      },
    },
    &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is
        # allowed to be a member of single regular perimeter, but multiple service
        # perimeter bridges. A project cannot be a included in a perimeter bridge
        # without being included in regular perimeter. For perimeter bridges,
        # restricted/unrestricted service lists as well as access lists must be
        # empty.
    &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
    &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect
        # behavior.
    &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the ServicePerimeter.  The `short_name`
        # component must begin with a letter and only include alphanumeric and &#x27;_&#x27;.
        # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
  }

  updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata.  Any method that returns a
        # long-running operation should document the metadata type, if any.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`.  If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource.  For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name.  For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
          # message types for APIs to use.
        {
          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
        },
      ],
      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
    },
    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
  }</pre>
</div>

</body></html>