Blame - docs/dyn/healthcare_v1beta1.projects.locations.datasets.html - platform/external/python/google-api-python-client

2020-05-01 07:42:23 -0700

[diff] [blame]

78

<code><a href="healthcare_v1beta1.projects.locations.datasets.annotationStores.html">annotationStores()</a></code>

79

</p>

80

<p class="firstline">Returns the annotationStores Resource.</p>

81

82

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

83

<code><a href="healthcare_v1beta1.projects.locations.datasets.dicomStores.html">dicomStores()</a></code>

84

</p>

85

<p class="firstline">Returns the dicomStores Resource.</p>

86

87

88

<code><a href="healthcare_v1beta1.projects.locations.datasets.fhirStores.html">fhirStores()</a></code>

89

</p>

90

<p class="firstline">Returns the fhirStores Resource.</p>

91

92

93

<code><a href="healthcare_v1beta1.projects.locations.datasets.hl7V2Stores.html">hl7V2Stores()</a></code>

94

</p>

95

<p class="firstline">Returns the hl7V2Stores Resource.</p>

96

97

98

<code><a href="healthcare_v1beta1.projects.locations.datasets.operations.html">operations()</a></code>

99

</p>

100

<p class="firstline">Returns the operations Resource.</p>

101

102

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

103

<code><a href="#create">create(parent, body=None, datasetId=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

104

<p class="firstline">Creates a new health dataset. Results are returned through the</p>

105

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

106

<code><a href="#deidentify">deidentify(sourceDataset, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

107

<p class="firstline">Creates a new dataset containing de-identified data from the source</p>

108

109

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

110

<p class="firstline">Deletes the specified health dataset and all data contained in the dataset.</p>

111

112

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

113

<p class="firstline">Gets any metadata associated with a dataset.</p>

114

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

115

<code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

116

<p class="firstline">Gets the access control policy for a resource.</p>

117

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

118

<code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

119

<p class="firstline">Lists the health datasets in the current project.</p>

120

121

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

122

<p class="firstline">Retrieves the next page of results.</p>

123

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

124

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

125

<p class="firstline">Updates dataset metadata.</p>

126

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

127

<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

128

<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>

129

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

130

<code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

131

<p class="firstline">Returns permissions that a caller has on the specified resource.</p>

132

<h3>Method Details</h3>

133

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

134

<code class="details" id="create">create(parent, body=None, datasetId=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

135

<pre>Creates a new health dataset. Results are returned through the

136

Operation interface which returns either an

137

`Operation.response` which contains a Dataset or

138

`Operation.error`. The metadata

139

field type is OperationMetadata.

140

A Google Cloud Platform project can contain up to 500 datasets across all

141

regions.

142

143

Args:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

144

parent: string, The name of the project where the server creates the dataset. For

145

example, `projects/{project_id}/locations/{location_id}`. (required)

146

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

147

The object takes the form of:

148

149

{ # A message representing a health dataset.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

150

#

151

# A health dataset represents a collection of healthcare data pertaining to one

152

# or more patients. This may include multiple modalities of healthcare data,

153

# such as electronic medical records or medical imaging data.

154

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

155

# time zone name such as "America/New_York" or empty, which defaults to UTC.

156

# This is used for parsing times in resources, such as HL7 messages, where no

157

# explicit timezone is specified.

158

"name": "A String", # Resource name of the dataset, of the form

159

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

160

}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

161

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

162

datasetId: string, The ID of the dataset that is being created.

163

The string must match the following regex: `[\p{L}\p{N}_\-\.]{1,256}`.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

164

x__xgafv: string, V1 error format.

165

Allowed values

166

1 - v1 error format

167

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

168

169

Returns:

170

An object of the form:

171

172

{ # This resource represents a long-running operation that is the result of a

173

# network API call.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

174

"done": True or False, # If the value is `false`, it means the operation is still in progress.

175

# If `true`, the operation is completed, and either `error` or `response` is

176

# available.

177

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

178

# different programming environments, including REST APIs and RPC APIs. It is

179

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

180

# three pieces of data: error code, error message, and error details.

181

#

182

# You can find out more about this error model and how to work with it in the

183

# [API Design Guide](https://cloud.google.com/apis/design/errors).

184

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

185

"message": "A String", # A developer-facing error message, which should be in English. Any

186

# user-facing error message should be localized and sent in the

187

# google.rpc.Status.details field, or localized by the client.

188

"details": [ # A list of messages that carry the error details. There is a common set of

189

# message types for APIs to use.

190

{

191

"a_key": "", # Properties of the object. Contains field @type with type URL.

192

},

193

],

194

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

195

"metadata": { # Service-specific metadata associated with the operation. It typically

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

196

# contains progress information and common metadata such as create time.

197

# Some services might not provide such metadata. Any method that returns a

198

# long-running operation should document the metadata type, if any.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

199

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

200

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

201

"name": "A String", # The server-assigned name, which is only unique within the same service that

202

# originally returns it. If you use the default HTTP mapping, the

203

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

204

"response": { # The normal response of the operation in case of success. If the original

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

205

# method returns no data on success, such as `Delete`, the response is

206

# `google.protobuf.Empty`. If the original method is standard

207

# `Get`/`Create`/`Update`, the response should be the resource. For other

208

# methods, the response should have the type `XxxResponse`, where `Xxx`

209

# is the original method name. For example, if the original method name

210

# is `TakeSnapshot()`, the inferred response type is

211

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

212

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

213

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

218

<code class="details" id="deidentify">deidentify(sourceDataset, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

219

<pre>Creates a new dataset containing de-identified data from the source

220

dataset. The metadata field type

221

is OperationMetadata.

222

If the request is successful, the

223

response field type is

224

DeidentifySummary.

225

If errors occur,

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

226

error

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

227

details field type is

228

DeidentifyErrorDetails.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

229

The LRO result may still be successful if de-identification fails for some

230

DICOM instances. The new de-identified dataset will not contain these

231

failed resources. Failed resource totals are tracked in

232

DeidentifySummary.failure_resource_count.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

233

Error details are also logged to Cloud Logging. For more information,

234

see [Viewing logs](/healthcare/docs/how-tos/logging).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

235

236

Args:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

237

sourceDataset: string, Source dataset resource name. For example,

238

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

239

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

240

The object takes the form of:

241

242

{ # Redacts identifying information from the specified dataset.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

243

"config": { # Configures de-id options specific to different types of content. # Deidentify configuration.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

244

# Each submessage customizes the handling of an

245

# https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are

246

# applied in a nested manner at runtime.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

247

"dicom": { # Specifies the parameters needed for de-identification of DICOM stores. # Configures de-id of application/DICOM content.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

248

"removeList": { # List of tags to be filtered. # List of tags to remove. Keep all other tags.

249

"tags": [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta

250

# Elements, or Directory Structuring Elements, as defined at:

251

# http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,.

252

# They may be provided by "Keyword" or "Tag". For example, "PatientID",

# "00100010".

"A String",

],

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

257

"keepList": { # List of tags to be filtered. # List of tags to keep. Remove all other tags.

258

"tags": [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta

259

# Elements, or Directory Structuring Elements, as defined at:

260

# http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,.

261

# They may be provided by "Keyword" or "Tag". For example, "PatientID",

# "00100010".

"A String",

],

},

"filterProfile": "A String", # Tag filtering profile that determines which tags to keep/remove.

267

"skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID,

268

# SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched.

269

# The Cloud Healthcare API regenerates these UIDs by default based on the

270

# DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly

271

# to an individual out of context, given access to the original images, or

272

# to a database of the original images containing the UIDs, it would be

273

# possible to recover the individual's identity."

274

# http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html

275

},

276

"image": { # Specifies how to handle de-identification of image pixels. # Configures de-identification of image pixels wherever they are found in the

277

# source_dataset.

278

"textRedactionMode": "A String", # Determines how to redact text from image.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

279

},

280

"fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.

281

"fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that

282

# is not matched by a FieldMetadata is passed through to the output

283

# dataset unmodified. All extensions are removed in the output.

284

# If a field can be matched by more than one FieldMetadata, the first

285

# FieldMetadata.Action is applied.

286

{ # Specifies FHIR paths to match, and how to handle de-identification of

287

# matching fields.

288

"paths": [ # List of paths to FHIR fields to redact. Each path is a

289

# period-separated list where each component is either a field name or

290

# FHIR type name. All types begin with an upper case letter. For example,

291

# the resource field "Patient.Address.city", which uses a string type,

292

# can be matched by "Patient.Address.String". Path also supports partial

293

# matching. For example, "Patient.Address.city" can be matched by

294

# "Address.city" (Patient omitted). Partial matching and type matching

295

# can be combined. For example, "Patient.Address.city" can be matched by

296

# "Address.String". For "choice" types (those defined in the FHIR spec

297

# with the form: field[x]), use two separate components. For example,

298

# "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types

299

# are: AdministrativeGenderCode, Code, Date, DateTime, Decimal,

300

# HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml.

301

# The sub-type for HumanName, such as HumanName.given or

302

# HumanName.family, can be omitted.

303

"A String",

304

],

305

"action": "A String", # Deidentify action for one field.

306

},

307

],

308

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

309

"annotation": { # Specifies how to store annotations during de-identification operation. # Configures how annotations, meaning that the location and infoType

310

# of sensitive information findings, are created during de-identification.

311

# If unspecified, no annotations are created.

312

"storeQuote": True or False, # If set to true, the sensitive texts are included in

313

# SensitiveTextAnnotation

314

# of Annotation.

315

"annotationStoreName": "A String", # The name of the annotation store, in the form

316

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/annotationStores/{annotation_store_id}`).

317

#

318

# * The destination annotation store must be in the same project as the

319

# source data. De-identifying data across multiple projects is not

320

# supported.

321

# * The destination annotation store must exist when using

322

# DeidentifyDicomStore or

323

# DeidentifyFhirStore.

324

# DeidentifyDataset

325

# automatically creates the destination annotation store.

326

},

327

"text": { # Configures de-identification of text wherever it is found in the

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

328

# source_dataset.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

329

"transformations": [ # The transformations to apply to the detected data.

330

{ # A transformation to apply to text that is identified as a specific

331

# info_type.

332

"replaceWithInfoTypeConfig": { # When using the # Config for replace with InfoType.

333

# INSPECT_AND_TRANSFORM

334

# action, each match is replaced with the name of the info_type. For example,

335

# "My name is Jane" becomes "My name is [PERSON_NAME]." The

336

# TRANSFORM

337

# action is equivalent to redacting.

338

},

339

"characterMaskConfig": { # Mask a string by replacing its characters with a fixed character. # Config for character mask.

340

"maskingCharacter": "A String", # Character to mask the sensitive values. If not supplied, defaults to "*".

341

},

342

"redactConfig": { # Define how to redact sensitive values. Default behaviour is erase. # Config for text redaction.

343

# For example, "My name is Jane." becomes "My name is ."

344

},

345

"infoTypes": [ # InfoTypes to apply this transformation to. If this is not specified, this

346

# transformation becomes the default transformation, and is used for any

347

# info_type that is not specified in another transformation.

348

"A String",

349

],

350

"dateShiftConfig": { # Shift a date forward or backward in time by a random amount which is # Config for date shift.

351

# consistent for a given patient and crypto key combination.

352

"cryptoKey": "A String", # An AES 128/192/256 bit key. Causes the shift to be computed based on this

353

# key and the patient ID. A default key is generated for each

354

# Deidentify operation and is used wherever crypto_key is not specified.

355

},

356

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Config for crypto hash.

357

# Uses SHA-256.

358

# Outputs a base64-encoded representation of the hashed output.

359

# For example, `L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=`.

360

"cryptoKey": "A String", # An AES 128/192/256 bit key. Causes the hash to be computed based on this

361

# key. A default key is generated for each Deidentify operation and is used

362

# wherever crypto_key is not specified.

363

},

364

},

365

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

366

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

367

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

368

"destinationDataset": "A String", # The name of the dataset resource to create and write the redacted data to.

369

#

370

# * The destination dataset must not exist.

371

# * The destination dataset must be in the same project and location as the

372

# source dataset. De-identifying data across multiple projects or locations

373

# is not supported.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

374

}

375

376

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

383

384

{ # This resource represents a long-running operation that is the result of a

385

# network API call.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

386

"done": True or False, # If the value is `false`, it means the operation is still in progress.

387

# If `true`, the operation is completed, and either `error` or `response` is

388

# available.

389

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

390

# different programming environments, including REST APIs and RPC APIs. It is

391

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

392

# three pieces of data: error code, error message, and error details.

393

#

394

# You can find out more about this error model and how to work with it in the

395

# [API Design Guide](https://cloud.google.com/apis/design/errors).

396

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

397

"message": "A String", # A developer-facing error message, which should be in English. Any

398

# user-facing error message should be localized and sent in the

399

# google.rpc.Status.details field, or localized by the client.

400

"details": [ # A list of messages that carry the error details. There is a common set of

401

# message types for APIs to use.

402

{

403

"a_key": "", # Properties of the object. Contains field @type with type URL.

404

},

405

],

406

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

407

"metadata": { # Service-specific metadata associated with the operation. It typically

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

408

# contains progress information and common metadata such as create time.

409

# Some services might not provide such metadata. Any method that returns a

410

# long-running operation should document the metadata type, if any.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

411

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

412

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

413

"name": "A String", # The server-assigned name, which is only unique within the same service that

414

# originally returns it. If you use the default HTTP mapping, the

415

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

416

"response": { # The normal response of the operation in case of success. If the original

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

417

# method returns no data on success, such as `Delete`, the response is

418

# `google.protobuf.Empty`. If the original method is standard

419

# `Get`/`Create`/`Update`, the response should be the resource. For other

420

# methods, the response should have the type `XxxResponse`, where `Xxx`

421

# is the original method name. For example, if the original method name

422

# is `TakeSnapshot()`, the inferred response type is

423

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

424

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

425

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

431

<pre>Deletes the specified health dataset and all data contained in the dataset.

432

Deleting a dataset does not affect the sources from which the dataset was

433

imported (if any).

434

435

Args:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

436

437

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

438

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

445

446

{ # A generic empty message that you can re-use to avoid defining duplicated

447

# empty messages in your APIs. A typical example is to use it as the request

448

# or the response type of an API method. For instance:

449

#

450

# service Foo {

451

# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);

452

# }

453

#

454

# The JSON representation for `Empty` is empty JSON object `{}`.

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

460

<pre>Gets any metadata associated with a dataset.

461

462

Args:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

463

464

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

465

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

472

473

{ # A message representing a health dataset.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

474

#

475

# A health dataset represents a collection of healthcare data pertaining to one

476

# or more patients. This may include multiple modalities of healthcare data,

477

# such as electronic medical records or medical imaging data.

478

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

479

# time zone name such as "America/New_York" or empty, which defaults to UTC.

480

# This is used for parsing times in resources, such as HL7 messages, where no

481

# explicit timezone is specified.

482

"name": "A String", # Resource name of the dataset, of the form

483

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

484

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

488

<code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

489

<pre>Gets the access control policy for a resource.

490

Returns an empty policy if the resource exists and does not have a policy

set.

Args:

resource: string, REQUIRED: The resource for which the policy is being requested.

495

See the operation documentation for the appropriate value for this field. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

496

options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.

497

498

Valid values are 0, 1, and 3. Requests specifying an invalid value will be

499

rejected.

500

501

Requests for policies with any conditional bindings must specify version 3.

502

Policies without any conditional bindings may specify any valid value or

503

leave the field unset.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

504

505

To learn which resources support conditions in their IAM policies, see the

506

[IAM

507

documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

508

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

515

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

516

{ # An Identity and Access Management (IAM) policy, which specifies access

517

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

518

#

519

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

520

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

521

# `members` to a single `role`. Members can be user accounts, service accounts,

522

# Google groups, and domains (such as G Suite). A `role` is a named list of

523

# permissions; each `role` can be an IAM predefined role or a user-created

524

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

525

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

526

# For some types of Google Cloud resources, a `binding` can also specify a

527

# `condition`, which is a logical expression that allows access to a resource

528

# only if the expression evaluates to `true`. A condition can add constraints

529

# based on attributes of the request, the resource, or both. To learn which

530

# resources support conditions in their IAM policies, see the

531

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

532

#

533

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

534

#

535

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

536

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

537

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

538

# "role": "roles/resourcemanager.organizationAdmin",

539

# "members": [

540

# "user:mike@example.com",

541

# "group:admins@example.com",

542

# "domain:google.com",

543

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

544

# ]

545

# },

546

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

547

# "role": "roles/resourcemanager.organizationViewer",

548

# "members": [

549

# "user:eve@example.com"

550

# ],

551

# "condition": {

552

# "title": "expirable access",

553

# "description": "Does not grant access after Sep 2020",

554

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

555

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

556

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

557

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

558

# "etag": "BwWWja0YfJA=",

559

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

560

# }

561

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

562

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

567

# - group:admins@example.com

568

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

569

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

570

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

571

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

572

# - user:eve@example.com

573

# role: roles/resourcemanager.organizationViewer

574

# condition:

575

# title: expirable access

576

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

577

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

578

# - etag: BwWWja0YfJA=

579

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

580

#

581

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

582

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

583

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

584

# `condition` that determines how and when the `bindings` are applied. Each

585

# of the `bindings` must contain at least one member.

586

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

587

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

588

#

589

# If the condition evaluates to `true`, then this binding applies to the

590

# current request.

591

#

592

# If the condition evaluates to `false`, then this binding does not apply to

593

# the current request. However, a different role binding might grant the same

594

# role to one or more of the members in this binding.

595

#

596

# To learn which resources support conditions in their IAM policies, see the

597

# [IAM

598

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

599

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

600

# are documented at https://github.com/google/cel-spec.

601

#

602

# Example (Comparison):

603

#

604

# title: "Summary size limit"

605

# description: "Determines if a summary is less than 100 chars"

606

# expression: "document.summary.size() < 100"

607

#

608

# Example (Equality):

609

#

610

# title: "Requestor is owner"

611

# description: "Determines if requestor is the document owner"

612

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

617

# description: "Determine whether the document should be publicly visible"

618

# expression: "document.type != 'private' && document.type != 'internal'"

619

#

620

# Example (Data Manipulation):

621

#

622

# title: "Notification string"

623

# description: "Create a notification string with a timestamp."

624

# expression: "'New message received at ' + string(document.create_time)"

625

#

626

# The exact variables and functions that may be referenced within an expression

627

# are determined by the service that evaluates it. See the service

628

# documentation for additional information.

629

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

630

# its purpose. This can be used e.g. in UIs which allow to enter the

631

# expression.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

632

"description": "A String", # Optional. Description of the expression. This is a longer text which

633

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

634

"expression": "A String", # Textual representation of an expression in Common Expression Language

635

# syntax.

636

"location": "A String", # Optional. String indicating the location of the expression for error

637

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

638

},

639

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

640

# `members` can have the following values:

641

#

642

# * `allUsers`: A special identifier that represents anyone who is

643

# on the internet; with or without a Google account.

644

#

645

# * `allAuthenticatedUsers`: A special identifier that represents anyone

646

# who is authenticated with a Google account or a service account.

647

#

648

# * `user:{emailid}`: An email address that represents a specific Google

649

# account. For example, `alice@example.com` .

650

#

651

#

652

# * `serviceAccount:{emailid}`: An email address that represents a service

653

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

654

#

655

# * `group:{emailid}`: An email address that represents a Google group.

656

# For example, `admins@example.com`.

657

#

658

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

659

# identifier) representing a user that has been recently deleted. For

660

# example, `alice@example.com?uid=123456789012345678901`. If the user is

661

# recovered, this value reverts to `user:{emailid}` and the recovered user

662

# retains the role in the binding.

663

#

664

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

665

# unique identifier) representing a service account that has been recently

666

# deleted. For example,

667

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

668

# If the service account is undeleted, this value reverts to

669

# `serviceAccount:{emailid}` and the undeleted service account retains the

670

# role in the binding.

671

#

672

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

673

# identifier) representing a Google group that has been recently

674

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

675

# the group is recovered, this value reverts to `group:{emailid}` and the

676

# recovered group retains the role in the binding.

677

#

678

#

679

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

680

# users of that domain. For example, `google.com` or `example.com`.

681

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

682

"A String",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

683

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

684

"role": "A String", # Role that is assigned to `members`.

685

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

686

},

687

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

688

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

689

# prevent simultaneous updates of a policy from overwriting each other.

690

# It is strongly suggested that systems make use of the `etag` in the

691

# read-modify-write cycle to perform policy updates in order to avoid race

692

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

693

# systems are expected to put that etag in the request to `setIamPolicy` to

694

# ensure that their change will be applied to the same version of the policy.

695

#

696

# **Important:** If you use IAM Conditions, you must include the `etag` field

697

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

698

# you to overwrite a version `3` policy with a version `1` policy, and all of

699

# the conditions in the version `3` policy are lost.

700

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

701

{ # Specifies the audit configuration for a service.

702

# The configuration determines which permission types are logged, and what

703

# identities, if any, are exempted from logging.

704

# An AuditConfig must have one or more AuditLogConfigs.

705

#

706

# If there are AuditConfigs for both `allServices` and a specific service,

707

# the union of the two AuditConfigs is used for that service: the log_types

708

# specified in each AuditConfig are enabled, and the exempted_members in each

709

# AuditLogConfig are exempted.

710

#

711

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

717

# "audit_log_configs": [

718

# {

719

# "log_type": "DATA_READ",

720

# "exempted_members": [

721

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

726

# },

727

# {

728

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

734

# "audit_log_configs": [

735

# {

736

# "log_type": "DATA_READ"

737

# },

738

# {

739

# "log_type": "DATA_WRITE",

740

# "exempted_members": [

741

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

750

# logging. It also exempts jose@example.com from DATA_READ logging, and

751

# aliya@example.com from DATA_WRITE logging.

752

"auditLogConfigs": [ # The configuration for logging of each type of permission.

753

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

758

# {

759

# "log_type": "DATA_READ",

760

# "exempted_members": [

761

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

771

# jose@example.com from DATA_READ logging.

772

"logType": "A String", # The log type that this config enables.

773

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

774

# permission.

775

# Follows the same format of Binding.members.

"A String",

],

},

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

781

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

782

# `allServices` is a special value that covers all services.

783

},

784

],

785

"version": 42, # Specifies the format of the policy.

786

#

787

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

788

# are rejected.

789

#

790

# Any operation that affects conditional role bindings must specify version

791

# `3`. This requirement applies to the following operations:

792

#

793

# * Getting a policy that includes a conditional role binding

794

# * Adding a conditional role binding to a policy

795

# * Changing a conditional role binding in a policy

796

# * Removing any role binding, with or without a condition, from a policy

797

# that includes conditions

798

#

799

# **Important:** If you use IAM Conditions, you must include the `etag` field

800

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

801

# you to overwrite a version `3` policy with a version `1` policy, and all of

802

# the conditions in the version `3` policy are lost.

803

#

804

# If a policy does not include any conditions, operations on that policy may

805

# specify any valid version or leave the field unset.

806

#

807

# To learn which resources support conditions in their IAM policies, see the

808

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

813

<code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

814

<pre>Lists the health datasets in the current project.

815

816

Args:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

817

parent: string, The name of the project whose datasets should be listed.

818

For example, `projects/{project_id}/locations/{location_id}`. (required)

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

819

pageSize: integer, The maximum number of items to return. Capped to 100 if not specified.

820

May not be larger than 1000.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

821

pageToken: string, The next_page_token value returned from a previous List request, if any.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

822

x__xgafv: string, V1 error format.

823

Allowed values

824

1 - v1 error format

825

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

826

827

Returns:

828

An object of the form:

829

830

{ # Lists the available datasets.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

831

"nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no

832

# more results in the list.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

833

"datasets": [ # The first page of datasets.

834

{ # A message representing a health dataset.

835

#

836

# A health dataset represents a collection of healthcare data pertaining to one

837

# or more patients. This may include multiple modalities of healthcare data,

838

# such as electronic medical records or medical imaging data.

839

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

840

# time zone name such as "America/New_York" or empty, which defaults to UTC.

841

# This is used for parsing times in resources, such as HL7 messages, where no

842

# explicit timezone is specified.

843

"name": "A String", # Resource name of the dataset, of the form

844

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

845

},

846

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

852

<pre>Retrieves the next page of results.

853

854

Args:

855

previous_request: The request for the previous page. (required)

856

previous_response: The response from the request for the previous page. (required)

857

858

Returns:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

859

A request object that you can call 'execute()' on to request the next

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

860

page. Returns None if there are no more items in the collection.

</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

865

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

866

<pre>Updates dataset metadata.

867

868

Args:

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

869

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

870

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

871

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

872

The object takes the form of:

873

874

{ # A message representing a health dataset.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

875

#

876

# A health dataset represents a collection of healthcare data pertaining to one

877

# or more patients. This may include multiple modalities of healthcare data,

878

# such as electronic medical records or medical imaging data.

879

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

880

# time zone name such as "America/New_York" or empty, which defaults to UTC.

881

# This is used for parsing times in resources, such as HL7 messages, where no

882

# explicit timezone is specified.

883

"name": "A String", # Resource name of the dataset, of the form

884

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

885

}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

886

887

updateMask: string, The update mask applies to the resource. For the `FieldMask` definition,

888

see

889

https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

890

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

897

898

{ # A message representing a health dataset.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

899

#

900

# A health dataset represents a collection of healthcare data pertaining to one

901

# or more patients. This may include multiple modalities of healthcare data,

902

# such as electronic medical records or medical imaging data.

903

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

904

# time zone name such as "America/New_York" or empty, which defaults to UTC.

905

# This is used for parsing times in resources, such as HL7 messages, where no

906

# explicit timezone is specified.

907

"name": "A String", # Resource name of the dataset, of the form

908

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

909

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

913

<code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

914

<pre>Sets the access control policy on the specified resource. Replaces any

915

existing policy.

916

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

917

Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

918

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

919

Args:

920

resource: string, REQUIRED: The resource for which the policy is being specified.

921

See the operation documentation for the appropriate value for this field. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

922

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

923

The object takes the form of:

924

925

{ # Request message for `SetIamPolicy` method.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

926

"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only

927

# the fields in the mask will be modified. If no mask is provided, the

928

# following default mask is used:

929

#

930

# `paths: "bindings, etag"`

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

931

"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

932

# the policy is limited to a few 10s of KB. An empty policy is a

933

# valid policy but certain Cloud Platform services (such as Projects)

934

# might reject them.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

935

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

936

#

937

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

938

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

939

# `members` to a single `role`. Members can be user accounts, service accounts,

940

# Google groups, and domains (such as G Suite). A `role` is a named list of

941

# permissions; each `role` can be an IAM predefined role or a user-created

942

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

943

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

944

# For some types of Google Cloud resources, a `binding` can also specify a

945

# `condition`, which is a logical expression that allows access to a resource

946

# only if the expression evaluates to `true`. A condition can add constraints

947

# based on attributes of the request, the resource, or both. To learn which

948

# resources support conditions in their IAM policies, see the

949

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

950

#

951

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

952

#

953

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

954

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

955

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

956

# "role": "roles/resourcemanager.organizationAdmin",

957

# "members": [

958

# "user:mike@example.com",

959

# "group:admins@example.com",

960

# "domain:google.com",

961

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

962

# ]

963

# },

964

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

965

# "role": "roles/resourcemanager.organizationViewer",

966

# "members": [

967

# "user:eve@example.com"

968

# ],

969

# "condition": {

970

# "title": "expirable access",

971

# "description": "Does not grant access after Sep 2020",

972

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

973

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

974

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

975

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

976

# "etag": "BwWWja0YfJA=",

977

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

978

# }

979

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

980

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

985

# - group:admins@example.com

986

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

987

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

988

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

989

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

990

# - user:eve@example.com

991

# role: roles/resourcemanager.organizationViewer

992

# condition:

993

# title: expirable access

994

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

995

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

996

# - etag: BwWWja0YfJA=

997

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

998

#

999

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1000

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1001

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1002

# `condition` that determines how and when the `bindings` are applied. Each

1003

# of the `bindings` must contain at least one member.

1004

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1005

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1006

#

1007

# If the condition evaluates to `true`, then this binding applies to the

1008

# current request.

1009

#

1010

# If the condition evaluates to `false`, then this binding does not apply to

1011

# the current request. However, a different role binding might grant the same

1012

# role to one or more of the members in this binding.

1013

#

1014

# To learn which resources support conditions in their IAM policies, see the

1015

# [IAM

1016

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1017

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1018

# are documented at https://github.com/google/cel-spec.

1019

#

1020

# Example (Comparison):

1021

#

1022

# title: "Summary size limit"

1023

# description: "Determines if a summary is less than 100 chars"

1024

# expression: "document.summary.size() < 100"

1025

#

1026

# Example (Equality):

1027

#

1028

# title: "Requestor is owner"

1029

# description: "Determines if requestor is the document owner"

1030

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1035

# description: "Determine whether the document should be publicly visible"

1036

# expression: "document.type != 'private' && document.type != 'internal'"

1037

#

1038

# Example (Data Manipulation):

1039

#

1040

# title: "Notification string"

1041

# description: "Create a notification string with a timestamp."

1042

# expression: "'New message received at ' + string(document.create_time)"

1043

#

1044

# The exact variables and functions that may be referenced within an expression

1045

# are determined by the service that evaluates it. See the service

1046

# documentation for additional information.

1047

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1048

# its purpose. This can be used e.g. in UIs which allow to enter the

1049

# expression.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1050

"description": "A String", # Optional. Description of the expression. This is a longer text which

1051

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1052

"expression": "A String", # Textual representation of an expression in Common Expression Language

1053

# syntax.

1054

"location": "A String", # Optional. String indicating the location of the expression for error

1055

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1056

},

1057

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1058

# `members` can have the following values:

1059

#

1060

# * `allUsers`: A special identifier that represents anyone who is

1061

# on the internet; with or without a Google account.

1062

#

1063

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1064

# who is authenticated with a Google account or a service account.

1065

#

1066

# * `user:{emailid}`: An email address that represents a specific Google

1067

# account. For example, `alice@example.com` .

1068

#

1069

#

1070

# * `serviceAccount:{emailid}`: An email address that represents a service

1071

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1072

#

1073

# * `group:{emailid}`: An email address that represents a Google group.

1074

# For example, `admins@example.com`.

1075

#

1076

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1077

# identifier) representing a user that has been recently deleted. For

1078

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1079

# recovered, this value reverts to `user:{emailid}` and the recovered user

1080

# retains the role in the binding.

1081

#

1082

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1083

# unique identifier) representing a service account that has been recently

1084

# deleted. For example,

1085

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1086

# If the service account is undeleted, this value reverts to

1087

# `serviceAccount:{emailid}` and the undeleted service account retains the

1088

# role in the binding.

1089

#

1090

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1091

# identifier) representing a Google group that has been recently

1092

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1093

# the group is recovered, this value reverts to `group:{emailid}` and the

1094

# recovered group retains the role in the binding.

1095

#

1096

#

1097

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1098

# users of that domain. For example, `google.com` or `example.com`.

1099

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1100

"A String",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1101

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1102

"role": "A String", # Role that is assigned to `members`.

1103

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1104

},

1105

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1106

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1107

# prevent simultaneous updates of a policy from overwriting each other.

1108

# It is strongly suggested that systems make use of the `etag` in the

1109

# read-modify-write cycle to perform policy updates in order to avoid race

1110

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1111

# systems are expected to put that etag in the request to `setIamPolicy` to

1112

# ensure that their change will be applied to the same version of the policy.

1113

#

1114

# **Important:** If you use IAM Conditions, you must include the `etag` field

1115

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1116

# you to overwrite a version `3` policy with a version `1` policy, and all of

1117

# the conditions in the version `3` policy are lost.

1118

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1119

{ # Specifies the audit configuration for a service.

1120

# The configuration determines which permission types are logged, and what

1121

# identities, if any, are exempted from logging.

1122

# An AuditConfig must have one or more AuditLogConfigs.

1123

#

1124

# If there are AuditConfigs for both `allServices` and a specific service,

1125

# the union of the two AuditConfigs is used for that service: the log_types

1126

# specified in each AuditConfig are enabled, and the exempted_members in each

1127

# AuditLogConfig are exempted.

1128

#

1129

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

1135

# "audit_log_configs": [

1136

# {

1137

# "log_type": "DATA_READ",

1138

# "exempted_members": [

1139

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

1144

# },

1145

# {

1146

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

1152

# "audit_log_configs": [

1153

# {

1154

# "log_type": "DATA_READ"

1155

# },

1156

# {

1157

# "log_type": "DATA_WRITE",

1158

# "exempted_members": [

1159

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1168

# logging. It also exempts jose@example.com from DATA_READ logging, and

1169

# aliya@example.com from DATA_WRITE logging.

1170

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1171

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1176

# {

1177

# "log_type": "DATA_READ",

1178

# "exempted_members": [

1179

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1189

# jose@example.com from DATA_READ logging.

1190

"logType": "A String", # The log type that this config enables.

1191

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1192

# permission.

1193

# Follows the same format of Binding.members.

"A String",

],

},

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

1199

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1200

# `allServices` is a special value that covers all services.

1201

},

1202

],

1203

"version": 42, # Specifies the format of the policy.

1204

#

1205

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1206

# are rejected.

1207

#

1208

# Any operation that affects conditional role bindings must specify version

1209

# `3`. This requirement applies to the following operations:

1210

#

1211

# * Getting a policy that includes a conditional role binding

1212

# * Adding a conditional role binding to a policy

1213

# * Changing a conditional role binding in a policy

1214

# * Removing any role binding, with or without a condition, from a policy

1215

# that includes conditions

1216

#

1217

# **Important:** If you use IAM Conditions, you must include the `etag` field

1218

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1219

# you to overwrite a version `3` policy with a version `1` policy, and all of

1220

# the conditions in the version `3` policy are lost.

1221

#

1222

# If a policy does not include any conditions, operations on that policy may

1223

# specify any valid version or leave the field unset.

1224

#

1225

# To learn which resources support conditions in their IAM policies, see the

1226

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1227

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1228

}

1229

1230

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1237

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1238

{ # An Identity and Access Management (IAM) policy, which specifies access

1239

# controls for Google Cloud resources.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1240

#

1241

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1242

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1243

# `members` to a single `role`. Members can be user accounts, service accounts,

1244

# Google groups, and domains (such as G Suite). A `role` is a named list of

1245

# permissions; each `role` can be an IAM predefined role or a user-created

1246

# custom role.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1247

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1248

# For some types of Google Cloud resources, a `binding` can also specify a

1249

# `condition`, which is a logical expression that allows access to a resource

1250

# only if the expression evaluates to `true`. A condition can add constraints

1251

# based on attributes of the request, the resource, or both. To learn which

1252

# resources support conditions in their IAM policies, see the

1253

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1254

#

1255

# **JSON example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1256

#

1257

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1258

# "bindings": [

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1259

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1260

# "role": "roles/resourcemanager.organizationAdmin",

1261

# "members": [

1262

# "user:mike@example.com",

1263

# "group:admins@example.com",

1264

# "domain:google.com",

1265

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1266

# ]

1267

# },

1268

# {

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1269

# "role": "roles/resourcemanager.organizationViewer",

1270

# "members": [

1271

# "user:eve@example.com"

1272

# ],

1273

# "condition": {

1274

# "title": "expirable access",

1275

# "description": "Does not grant access after Sep 2020",

1276

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1277

# }

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1278

# }

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1279

# ],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1280

# "etag": "BwWWja0YfJA=",

1281

# "version": 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1282

# }

1283

#

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1284

# **YAML example:**

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

#

# bindings:

# - members:

# - user:mike@example.com

1289

# - group:admins@example.com

1290

# - domain:google.com

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1291

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1292

# role: roles/resourcemanager.organizationAdmin

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1293

# - members:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1294

# - user:eve@example.com

1295

# role: roles/resourcemanager.organizationViewer

1296

# condition:

1297

# title: expirable access

1298

# description: Does not grant access after Sep 2020

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1299

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1300

# - etag: BwWWja0YfJA=

1301

# - version: 3

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1302

#

1303

# For a description of IAM and its features, see the

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1304

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1305

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1306

# `condition` that determines how and when the `bindings` are applied. Each

1307

# of the `bindings` must contain at least one member.

1308

{ # Associates `members` with a `role`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1309

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1310

#

1311

# If the condition evaluates to `true`, then this binding applies to the

1312

# current request.

1313

#

1314

# If the condition evaluates to `false`, then this binding does not apply to

1315

# the current request. However, a different role binding might grant the same

1316

# role to one or more of the members in this binding.

1317

#

1318

# To learn which resources support conditions in their IAM policies, see the

1319

# [IAM

1320

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1321

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1322

# are documented at https://github.com/google/cel-spec.

1323

#

1324

# Example (Comparison):

1325

#

1326

# title: "Summary size limit"

1327

# description: "Determines if a summary is less than 100 chars"

1328

# expression: "document.summary.size() < 100"

1329

#

1330

# Example (Equality):

1331

#

1332

# title: "Requestor is owner"

1333

# description: "Determines if requestor is the document owner"

1334

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1339

# description: "Determine whether the document should be publicly visible"

1340

# expression: "document.type != 'private' && document.type != 'internal'"

1341

#

1342

# Example (Data Manipulation):

1343

#

1344

# title: "Notification string"

1345

# description: "Create a notification string with a timestamp."

1346

# expression: "'New message received at ' + string(document.create_time)"

1347

#

1348

# The exact variables and functions that may be referenced within an expression

1349

# are determined by the service that evaluates it. See the service

1350

# documentation for additional information.

1351

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1352

# its purpose. This can be used e.g. in UIs which allow to enter the

1353

# expression.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1354

"description": "A String", # Optional. Description of the expression. This is a longer text which

1355

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1356

"expression": "A String", # Textual representation of an expression in Common Expression Language

1357

# syntax.

1358

"location": "A String", # Optional. String indicating the location of the expression for error

1359

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1360

},

1361

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1362

# `members` can have the following values:

1363

#

1364

# * `allUsers`: A special identifier that represents anyone who is

1365

# on the internet; with or without a Google account.

1366

#

1367

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1368

# who is authenticated with a Google account or a service account.

1369

#

1370

# * `user:{emailid}`: An email address that represents a specific Google

1371

# account. For example, `alice@example.com` .

1372

#

1373

#

1374

# * `serviceAccount:{emailid}`: An email address that represents a service

1375

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1376

#

1377

# * `group:{emailid}`: An email address that represents a Google group.

1378

# For example, `admins@example.com`.

1379

#

1380

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1381

# identifier) representing a user that has been recently deleted. For

1382

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1383

# recovered, this value reverts to `user:{emailid}` and the recovered user

1384

# retains the role in the binding.

1385

#

1386

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1387

# unique identifier) representing a service account that has been recently

1388

# deleted. For example,

1389

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1390

# If the service account is undeleted, this value reverts to

1391

# `serviceAccount:{emailid}` and the undeleted service account retains the

1392

# role in the binding.

1393

#

1394

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1395

# identifier) representing a Google group that has been recently

1396

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1397

# the group is recovered, this value reverts to `group:{emailid}` and the

1398

# recovered group retains the role in the binding.

1399

#

1400

#

1401

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1402

# users of that domain. For example, `google.com` or `example.com`.

1403

#

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1404

"A String",

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1405

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1406

"role": "A String", # Role that is assigned to `members`.

1407

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1408

},

1409

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame]

1410

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1411

# prevent simultaneous updates of a policy from overwriting each other.

1412

# It is strongly suggested that systems make use of the `etag` in the

1413

# read-modify-write cycle to perform policy updates in order to avoid race

1414

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1415

# systems are expected to put that etag in the request to `setIamPolicy` to

1416

# ensure that their change will be applied to the same version of the policy.

1417

#

1418

# **Important:** If you use IAM Conditions, you must include the `etag` field

1419

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1420

# you to overwrite a version `3` policy with a version `1` policy, and all of

1421

# the conditions in the version `3` policy are lost.

1422

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1423

{ # Specifies the audit configuration for a service.

1424

# The configuration determines which permission types are logged, and what

1425

# identities, if any, are exempted from logging.

1426

# An AuditConfig must have one or more AuditLogConfigs.

1427

#

1428

# If there are AuditConfigs for both `allServices` and a specific service,

1429

# the union of the two AuditConfigs is used for that service: the log_types

1430

# specified in each AuditConfig are enabled, and the exempted_members in each

1431

# AuditLogConfig are exempted.

1432

#

1433

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

1439

# "audit_log_configs": [

1440

# {

1441

# "log_type": "DATA_READ",

1442

# "exempted_members": [

1443

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

1448

# },

1449

# {

1450

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

1456

# "audit_log_configs": [

1457

# {

1458

# "log_type": "DATA_READ"

1459

# },

1460

# {

1461

# "log_type": "DATA_WRITE",

1462

# "exempted_members": [

1463

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1472

# logging. It also exempts jose@example.com from DATA_READ logging, and

1473

# aliya@example.com from DATA_WRITE logging.

1474

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1475

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1480

# {

1481

# "log_type": "DATA_READ",

1482

# "exempted_members": [

1483

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1493

# jose@example.com from DATA_READ logging.

1494

"logType": "A String", # The log type that this config enables.

1495

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1496

# permission.

1497

# Follows the same format of Binding.members.

"A String",

],

},

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

1503

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1504

# `allServices` is a special value that covers all services.

1505

},

1506

],

1507

"version": 42, # Specifies the format of the policy.

1508

#

1509

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1510

# are rejected.

1511

#

1512

# Any operation that affects conditional role bindings must specify version

1513

# `3`. This requirement applies to the following operations:

1514

#

1515

# * Getting a policy that includes a conditional role binding

1516

# * Adding a conditional role binding to a policy

1517

# * Changing a conditional role binding in a policy

1518

# * Removing any role binding, with or without a condition, from a policy

1519

# that includes conditions

1520

#

1521

# **Important:** If you use IAM Conditions, you must include the `etag` field

1522

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1523

# you to overwrite a version `3` policy with a version `1` policy, and all of

1524

# the conditions in the version `3` policy are lost.

1525

#

1526

# If a policy does not include any conditions, operations on that policy may

1527

# specify any valid version or leave the field unset.

1528

#

1529

# To learn which resources support conditions in their IAM policies, see the

1530

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1535

<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1536

<pre>Returns permissions that a caller has on the specified resource.

1537

If the resource does not exist, this will return an empty set of

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1538

permissions, not a `NOT_FOUND` error.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1539

1540

Note: This operation is designed to be used for building permission-aware

1541

UIs and command-line tools, not for authorization checking. This operation

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1542

may "fail open" without warning.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1543

1544

Args:

1545

resource: string, REQUIRED: The resource for which the policy detail is being requested.

1546

See the operation documentation for the appropriate value for this field. (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1547

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1548

The object takes the form of:

1549

1550

{ # Request message for `TestIamPermissions` method.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1551

"permissions": [ # The set of permissions to check for the `resource`. Permissions with

1552

# wildcards (such as '*' or 'storage.*') are not allowed. For more

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1553

# information see

1554

# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1555

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

],

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1566

1567

{ # Response message for `TestIamPermissions` method.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1568

"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1569

# allowed.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1570

"A String",

Bu Sun Kim