Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / c30d2b5d4478b230246dcaaa9f1c533ca3304387 / . / docs / dyn / sourcerepo_v1.projects.repos.html
blob: e700c2a5f507423ff47509942abfce893290999e [file] [log] [blame]
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400[diff] [blame^]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="sourcerepo_v1.html">Cloud Source Repositories API</a> . <a href="sourcerepo_v1.projects.html">projects</a> . <a href="sourcerepo_v1.projects.repos.html">repos</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="#create">create(parent=None, body, x__xgafv=None)</a></code></p>
79<p class="firstline">Creates a repo in the given project with the given name..</p>
80<p class="toc_element">
81 <code><a href="#delete">delete(name=None, x__xgafv=None)</a></code></p>
82<p class="firstline">Deletes a repo.</p>
83<p class="toc_element">
84 <code><a href="#get">get(name=None, x__xgafv=None)</a></code></p>
85<p class="firstline">Returns information about a repo.</p>
86<p class="toc_element">
87 <code><a href="#getIamPolicy">getIamPolicy(resource=None, x__xgafv=None)</a></code></p>
88<p class="firstline">Gets the access control policy for a resource.</p>
89<p class="toc_element">
90 <code><a href="#list">list(name=None, x__xgafv=None)</a></code></p>
91<p class="firstline">Returns all repos belonging to a project.</p>
92<p class="toc_element">
93 <code><a href="#setIamPolicy">setIamPolicy(resource=None, body, x__xgafv=None)</a></code></p>
94<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
95<p class="toc_element">
96 <code><a href="#testIamPermissions">testIamPermissions(resource=None, body, x__xgafv=None)</a></code></p>
97<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
98<h3>Method Details</h3>
99<div class="method">
100 <code class="details" id="create">create(parent=None, body, x__xgafv=None)</code>
101 <pre>Creates a repo in the given project with the given name..
102
103If the named repository already exists, `CreateRepo` returns
104`ALREADY_EXISTS`.
105
106Args:
107 parent: string, The project in which to create the repo. Values are of the form
108`projects/<project>`. (required)
109 body: object, The request body. (required)
110 The object takes the form of:
111
112{ # A repository (or repo) is a Git repository storing versioned source content.
113 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories.
114 "size": "A String", # The size in bytes of the repo.
115 "name": "A String", # Resource name of the repository, of the form
116 # `projects/<project>/repos/<repo>`.
117 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service.
118 # hosting service, for example GitHub or BitBucket.
119 "url": "A String", # URL of the main repository at the other hosting service.
120 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring.
121 # Removing this webook from the other hosting service will stop
122 # Google Cloud Source Repositories from receiving notifications,
123 # and thereby disabling mirroring.
124 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service.
125 # Removing this key from the other service would deauthorize
126 # Google Cloud Source Repositories from mirroring.
127 },
128}
129
130 x__xgafv: string, V1 error format.
131 Allowed values
132 1 - v1 error format
133 2 - v2 error format
134
135Returns:
136 An object of the form:
137
138 { # A repository (or repo) is a Git repository storing versioned source content.
139 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories.
140 "size": "A String", # The size in bytes of the repo.
141 "name": "A String", # Resource name of the repository, of the form
142 # `projects/<project>/repos/<repo>`.
143 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service.
144 # hosting service, for example GitHub or BitBucket.
145 "url": "A String", # URL of the main repository at the other hosting service.
146 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring.
147 # Removing this webook from the other hosting service will stop
148 # Google Cloud Source Repositories from receiving notifications,
149 # and thereby disabling mirroring.
150 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service.
151 # Removing this key from the other service would deauthorize
152 # Google Cloud Source Repositories from mirroring.
153 },
154 }</pre>
155</div>
156
157<div class="method">
158 <code class="details" id="delete">delete(name=None, x__xgafv=None)</code>
159 <pre>Deletes a repo.
160
161Args:
162 name: string, The name of the repo to delete. Values are of the form
163`projects/<project>/repos/<repo>`. (required)
164 x__xgafv: string, V1 error format.
165 Allowed values
166 1 - v1 error format
167 2 - v2 error format
168
169Returns:
170 An object of the form:
171
172 { # A generic empty message that you can re-use to avoid defining duplicated
173 # empty messages in your APIs. A typical example is to use it as the request
174 # or the response type of an API method. For instance:
175 #
176 # service Foo {
177 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
178 # }
179 #
180 # The JSON representation for `Empty` is empty JSON object `{}`.
181 }</pre>
182</div>
183
184<div class="method">
185 <code class="details" id="get">get(name=None, x__xgafv=None)</code>
186 <pre>Returns information about a repo.
187
188Args:
189 name: string, The name of the requested repository. Values are of the form
190`projects/<project>/repos/<repo>`. (required)
191 x__xgafv: string, V1 error format.
192 Allowed values
193 1 - v1 error format
194 2 - v2 error format
195
196Returns:
197 An object of the form:
198
199 { # A repository (or repo) is a Git repository storing versioned source content.
200 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories.
201 "size": "A String", # The size in bytes of the repo.
202 "name": "A String", # Resource name of the repository, of the form
203 # `projects/<project>/repos/<repo>`.
204 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service.
205 # hosting service, for example GitHub or BitBucket.
206 "url": "A String", # URL of the main repository at the other hosting service.
207 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring.
208 # Removing this webook from the other hosting service will stop
209 # Google Cloud Source Repositories from receiving notifications,
210 # and thereby disabling mirroring.
211 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service.
212 # Removing this key from the other service would deauthorize
213 # Google Cloud Source Repositories from mirroring.
214 },
215 }</pre>
216</div>
217
218<div class="method">
219 <code class="details" id="getIamPolicy">getIamPolicy(resource=None, x__xgafv=None)</code>
220 <pre>Gets the access control policy for a resource.
221Returns an empty policy if the resource exists and does not have a policy
222set.
223
224Args:
225 resource: string, REQUIRED: The resource for which the policy is being requested.
226See the operation documentation for the appropriate value for this field. (required)
227 x__xgafv: string, V1 error format.
228 Allowed values
229 1 - v1 error format
230 2 - v2 error format
231
232Returns:
233 An object of the form:
234
235 { # Defines an Identity and Access Management (IAM) policy. It is used to
236 # specify access control policies for Cloud Platform resources.
237 #
238 #
239 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
240 # `members` to a `role`, where the members can be user accounts, Google groups,
241 # Google domains, and service accounts. A `role` is a named list of permissions
242 # defined by IAM.
243 #
244 # **Example**
245 #
246 # {
247 # "bindings": [
248 # {
249 # "role": "roles/owner",
250 # "members": [
251 # "user:mike@example.com",
252 # "group:admins@example.com",
253 # "domain:google.com",
254 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
255 # ]
256 # },
257 # {
258 # "role": "roles/viewer",
259 # "members": ["user:sean@example.com"]
260 # }
261 # ]
262 # }
263 #
264 # For a description of IAM and its features, see the
265 # [IAM developer's guide](https://cloud.google.com/iam).
266 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
267 { # Specifies the audit configuration for a service.
268 # It consists of which permission types are logged, and what identities, if
269 # any, are exempted from logging.
270 # An AuditConifg must have one or more AuditLogConfigs.
271 #
272 # If there are AuditConfigs for both `allServices` and a specific service,
273 # the union of the two AuditConfigs is used for that service: the log_types
274 # specified in each AuditConfig are enabled, and the exempted_members in each
275 # AuditConfig are exempted.
276 # Example Policy with multiple AuditConfigs:
277 # {
278 # "audit_configs": [
279 # {
280 # "service": "allServices"
281 # "audit_log_configs": [
282 # {
283 # "log_type": "DATA_READ",
284 # "exempted_members": [
285 # "user:foo@gmail.com"
286 # ]
287 # },
288 # {
289 # "log_type": "DATA_WRITE",
290 # },
291 # {
292 # "log_type": "ADMIN_READ",
293 # }
294 # ]
295 # },
296 # {
297 # "service": "fooservice@googleapis.com"
298 # "audit_log_configs": [
299 # {
300 # "log_type": "DATA_READ",
301 # },
302 # {
303 # "log_type": "DATA_WRITE",
304 # "exempted_members": [
305 # "user:bar@gmail.com"
306 # ]
307 # }
308 # ]
309 # }
310 # ]
311 # }
312 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
313 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
314 # bar@gmail.com from DATA_WRITE logging.
315 "exemptedMembers": [
316 "A String",
317 ],
318 "auditLogConfigs": [ # The configuration for logging of each type of permission.
319 # Next ID: 4
320 { # Provides the configuration for logging a type of permissions.
321 # Example:
322 #
323 # {
324 # "audit_log_configs": [
325 # {
326 # "log_type": "DATA_READ",
327 # "exempted_members": [
328 # "user:foo@gmail.com"
329 # ]
330 # },
331 # {
332 # "log_type": "DATA_WRITE",
333 # }
334 # ]
335 # }
336 #
337 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
338 # foo@gmail.com from DATA_READ logging.
339 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
340 # permission.
341 # Follows the same format of Binding.members.
342 "A String",
343 ],
344 "logType": "A String", # The log type that this config enables.
345 },
346 ],
347 "service": "A String", # Specifies a service that will be enabled for audit logging.
348 # For example, `resourcemanager`, `storage`, `compute`.
349 # `allServices` is a special value that covers all services.
350 },
351 ],
352 "rules": [ # If more than one rule is specified, the rules are applied in the following
353 # manner:
354 # - All matching LOG rules are always applied.
355 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
356 # Logging will be applied if one or more matching rule requires logging.
357 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
358 # granted.
359 # Logging will be applied if one or more matching rule requires logging.
360 # - Otherwise, if no rule applies, permission is denied.
361 { # A rule to be applied in a Policy.
362 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
363 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
364 # The format for in and not_in entries is the same as for members in a
365 # Binding (see google/iam/v1/policy.proto).
366 "A String",
367 ],
368 "description": "A String", # Human-readable description of the rule.
369 "in": [ # If one or more 'in' clauses are specified, the rule matches if
370 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
371 "A String",
372 ],
373 "action": "A String", # Required
374 "conditions": [ # Additional restrictions that must be met
375 { # A condition to be met.
376 "iam": "A String", # Trusted attributes supplied by the IAM system.
377 "svc": "A String", # Trusted attributes discharged by the service.
378 "value": "A String", # DEPRECATED. Use 'values' instead.
379 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
380 # the IAM system for access control.
381 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
382 "A String",
383 ],
384 "op": "A String", # An operator to apply the subject with.
385 },
386 ],
387 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
388 # that match the LOG action.
389 { # Specifies what kind of log the caller must write
390 # Increment a streamz counter with the specified metric and field names.
391 #
392 # Metric names should start with a '/', generally be lowercase-only,
393 # and end in "_count". Field names should not contain an initial slash.
394 # The actual exported metric names will have "/iam/policy" prepended.
395 #
396 # Field names correspond to IAM request parameters and field values are
397 # their respective values.
398 #
399 # At present the only supported field names are
400 # - "iam_principal", corresponding to IAMContext.principal;
401 # - "" (empty string), resulting in one aggretated counter with no field.
402 #
403 # Examples:
404 # counter { metric: "/debug_access_count" field: "iam_principal" }
405 # ==> increment counter /iam/policy/backend_debug_access_count
406 # {iam_principal=[value of IAMContext.principal]}
407 #
408 # At this time we do not support:
409 # * multiple field names (though this may be supported in the future)
410 # * decrementing the counter
411 # * incrementing it by anything other than 1
412 "counter": { # Options for counters # Counter options.
413 "field": "A String", # The field value to attribute.
414 "metric": "A String", # The metric to update.
415 },
416 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
417 },
418 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
419 },
420 },
421 ],
422 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
423 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
424 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
425 "A String",
426 ],
427 },
428 ],
429 "version": 42, # Version of the `Policy`. The default version is 0.
430 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
431 # prevent simultaneous updates of a policy from overwriting each other.
432 # It is strongly suggested that systems make use of the `etag` in the
433 # read-modify-write cycle to perform policy updates in order to avoid race
434 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
435 # systems are expected to put that etag in the request to `setIamPolicy` to
436 # ensure that their change will be applied to the same version of the policy.
437 #
438 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
439 # policy is overwritten blindly.
440 "bindings": [ # Associates a list of `members` to a `role`.
441 # Multiple `bindings` must not be specified for the same `role`.
442 # `bindings` with no members will result in an error.
443 { # Associates `members` with a `role`.
444 "role": "A String", # Role that is assigned to `members`.
445 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
446 # Required
447 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
448 # `members` can have the following values:
449 #
450 # * `allUsers`: A special identifier that represents anyone who is
451 # on the internet; with or without a Google account.
452 #
453 # * `allAuthenticatedUsers`: A special identifier that represents anyone
454 # who is authenticated with a Google account or a service account.
455 #
456 # * `user:{emailid}`: An email address that represents a specific Google
457 # account. For example, `alice@gmail.com` or `joe@example.com`.
458 #
459 #
460 # * `serviceAccount:{emailid}`: An email address that represents a service
461 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
462 #
463 # * `group:{emailid}`: An email address that represents a Google group.
464 # For example, `admins@example.com`.
465 #
466 # * `domain:{domain}`: A Google Apps domain name that represents all the
467 # users of that domain. For example, `google.com` or `example.com`.
468 #
469 "A String",
470 ],
471 },
472 ],
473 "iamOwned": True or False,
474 }</pre>
475</div>
476
477<div class="method">
478 <code class="details" id="list">list(name=None, x__xgafv=None)</code>
479 <pre>Returns all repos belonging to a project.
480
481Args:
482 name: string, The project ID whose repos should be listed. Values are of the form
483`projects/<project>`. (required)
484 x__xgafv: string, V1 error format.
485 Allowed values
486 1 - v1 error format
487 2 - v2 error format
488
489Returns:
490 An object of the form:
491
492 { # Response for ListRepos.
493 "repos": [ # The listed repos.
494 { # A repository (or repo) is a Git repository storing versioned source content.
495 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories.
496 "size": "A String", # The size in bytes of the repo.
497 "name": "A String", # Resource name of the repository, of the form
498 # `projects/<project>/repos/<repo>`.
499 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service.
500 # hosting service, for example GitHub or BitBucket.
501 "url": "A String", # URL of the main repository at the other hosting service.
502 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring.
503 # Removing this webook from the other hosting service will stop
504 # Google Cloud Source Repositories from receiving notifications,
505 # and thereby disabling mirroring.
506 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service.
507 # Removing this key from the other service would deauthorize
508 # Google Cloud Source Repositories from mirroring.
509 },
510 },
511 ],
512 }</pre>
513</div>
514
515<div class="method">
516 <code class="details" id="setIamPolicy">setIamPolicy(resource=None, body, x__xgafv=None)</code>
517 <pre>Sets the access control policy on the specified resource. Replaces any
518existing policy.
519
520Args:
521 resource: string, REQUIRED: The resource for which the policy is being specified.
522See the operation documentation for the appropriate value for this field. (required)
523 body: object, The request body. (required)
524 The object takes the form of:
525
526{ # Request message for `SetIamPolicy` method.
527 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
528 # the policy is limited to a few 10s of KB. An empty policy is a
529 # valid policy but certain Cloud Platform services (such as Projects)
530 # might reject them.
531 # specify access control policies for Cloud Platform resources.
532 #
533 #
534 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
535 # `members` to a `role`, where the members can be user accounts, Google groups,
536 # Google domains, and service accounts. A `role` is a named list of permissions
537 # defined by IAM.
538 #
539 # **Example**
540 #
541 # {
542 # "bindings": [
543 # {
544 # "role": "roles/owner",
545 # "members": [
546 # "user:mike@example.com",
547 # "group:admins@example.com",
548 # "domain:google.com",
549 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
550 # ]
551 # },
552 # {
553 # "role": "roles/viewer",
554 # "members": ["user:sean@example.com"]
555 # }
556 # ]
557 # }
558 #
559 # For a description of IAM and its features, see the
560 # [IAM developer's guide](https://cloud.google.com/iam).
561 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
562 { # Specifies the audit configuration for a service.
563 # It consists of which permission types are logged, and what identities, if
564 # any, are exempted from logging.
565 # An AuditConifg must have one or more AuditLogConfigs.
566 #
567 # If there are AuditConfigs for both `allServices` and a specific service,
568 # the union of the two AuditConfigs is used for that service: the log_types
569 # specified in each AuditConfig are enabled, and the exempted_members in each
570 # AuditConfig are exempted.
571 # Example Policy with multiple AuditConfigs:
572 # {
573 # "audit_configs": [
574 # {
575 # "service": "allServices"
576 # "audit_log_configs": [
577 # {
578 # "log_type": "DATA_READ",
579 # "exempted_members": [
580 # "user:foo@gmail.com"
581 # ]
582 # },
583 # {
584 # "log_type": "DATA_WRITE",
585 # },
586 # {
587 # "log_type": "ADMIN_READ",
588 # }
589 # ]
590 # },
591 # {
592 # "service": "fooservice@googleapis.com"
593 # "audit_log_configs": [
594 # {
595 # "log_type": "DATA_READ",
596 # },
597 # {
598 # "log_type": "DATA_WRITE",
599 # "exempted_members": [
600 # "user:bar@gmail.com"
601 # ]
602 # }
603 # ]
604 # }
605 # ]
606 # }
607 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
608 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
609 # bar@gmail.com from DATA_WRITE logging.
610 "exemptedMembers": [
611 "A String",
612 ],
613 "auditLogConfigs": [ # The configuration for logging of each type of permission.
614 # Next ID: 4
615 { # Provides the configuration for logging a type of permissions.
616 # Example:
617 #
618 # {
619 # "audit_log_configs": [
620 # {
621 # "log_type": "DATA_READ",
622 # "exempted_members": [
623 # "user:foo@gmail.com"
624 # ]
625 # },
626 # {
627 # "log_type": "DATA_WRITE",
628 # }
629 # ]
630 # }
631 #
632 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
633 # foo@gmail.com from DATA_READ logging.
634 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
635 # permission.
636 # Follows the same format of Binding.members.
637 "A String",
638 ],
639 "logType": "A String", # The log type that this config enables.
640 },
641 ],
642 "service": "A String", # Specifies a service that will be enabled for audit logging.
643 # For example, `resourcemanager`, `storage`, `compute`.
644 # `allServices` is a special value that covers all services.
645 },
646 ],
647 "rules": [ # If more than one rule is specified, the rules are applied in the following
648 # manner:
649 # - All matching LOG rules are always applied.
650 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
651 # Logging will be applied if one or more matching rule requires logging.
652 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
653 # granted.
654 # Logging will be applied if one or more matching rule requires logging.
655 # - Otherwise, if no rule applies, permission is denied.
656 { # A rule to be applied in a Policy.
657 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
658 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
659 # The format for in and not_in entries is the same as for members in a
660 # Binding (see google/iam/v1/policy.proto).
661 "A String",
662 ],
663 "description": "A String", # Human-readable description of the rule.
664 "in": [ # If one or more 'in' clauses are specified, the rule matches if
665 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
666 "A String",
667 ],
668 "action": "A String", # Required
669 "conditions": [ # Additional restrictions that must be met
670 { # A condition to be met.
671 "iam": "A String", # Trusted attributes supplied by the IAM system.
672 "svc": "A String", # Trusted attributes discharged by the service.
673 "value": "A String", # DEPRECATED. Use 'values' instead.
674 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
675 # the IAM system for access control.
676 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
677 "A String",
678 ],
679 "op": "A String", # An operator to apply the subject with.
680 },
681 ],
682 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
683 # that match the LOG action.
684 { # Specifies what kind of log the caller must write
685 # Increment a streamz counter with the specified metric and field names.
686 #
687 # Metric names should start with a '/', generally be lowercase-only,
688 # and end in "_count". Field names should not contain an initial slash.
689 # The actual exported metric names will have "/iam/policy" prepended.
690 #
691 # Field names correspond to IAM request parameters and field values are
692 # their respective values.
693 #
694 # At present the only supported field names are
695 # - "iam_principal", corresponding to IAMContext.principal;
696 # - "" (empty string), resulting in one aggretated counter with no field.
697 #
698 # Examples:
699 # counter { metric: "/debug_access_count" field: "iam_principal" }
700 # ==> increment counter /iam/policy/backend_debug_access_count
701 # {iam_principal=[value of IAMContext.principal]}
702 #
703 # At this time we do not support:
704 # * multiple field names (though this may be supported in the future)
705 # * decrementing the counter
706 # * incrementing it by anything other than 1
707 "counter": { # Options for counters # Counter options.
708 "field": "A String", # The field value to attribute.
709 "metric": "A String", # The metric to update.
710 },
711 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
712 },
713 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
714 },
715 },
716 ],
717 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
718 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
719 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
720 "A String",
721 ],
722 },
723 ],
724 "version": 42, # Version of the `Policy`. The default version is 0.
725 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
726 # prevent simultaneous updates of a policy from overwriting each other.
727 # It is strongly suggested that systems make use of the `etag` in the
728 # read-modify-write cycle to perform policy updates in order to avoid race
729 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
730 # systems are expected to put that etag in the request to `setIamPolicy` to
731 # ensure that their change will be applied to the same version of the policy.
732 #
733 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
734 # policy is overwritten blindly.
735 "bindings": [ # Associates a list of `members` to a `role`.
736 # Multiple `bindings` must not be specified for the same `role`.
737 # `bindings` with no members will result in an error.
738 { # Associates `members` with a `role`.
739 "role": "A String", # Role that is assigned to `members`.
740 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
741 # Required
742 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
743 # `members` can have the following values:
744 #
745 # * `allUsers`: A special identifier that represents anyone who is
746 # on the internet; with or without a Google account.
747 #
748 # * `allAuthenticatedUsers`: A special identifier that represents anyone
749 # who is authenticated with a Google account or a service account.
750 #
751 # * `user:{emailid}`: An email address that represents a specific Google
752 # account. For example, `alice@gmail.com` or `joe@example.com`.
753 #
754 #
755 # * `serviceAccount:{emailid}`: An email address that represents a service
756 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
757 #
758 # * `group:{emailid}`: An email address that represents a Google group.
759 # For example, `admins@example.com`.
760 #
761 # * `domain:{domain}`: A Google Apps domain name that represents all the
762 # users of that domain. For example, `google.com` or `example.com`.
763 #
764 "A String",
765 ],
766 },
767 ],
768 "iamOwned": True or False,
769 },
770 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
771 # the fields in the mask will be modified. If no mask is provided, a default
772 # mask is used:
773 # paths: "bindings, etag"
774 # This field is only used by Cloud IAM.
775 }
776
777 x__xgafv: string, V1 error format.
778 Allowed values
779 1 - v1 error format
780 2 - v2 error format
781
782Returns:
783 An object of the form:
784
785 { # Defines an Identity and Access Management (IAM) policy. It is used to
786 # specify access control policies for Cloud Platform resources.
787 #
788 #
789 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
790 # `members` to a `role`, where the members can be user accounts, Google groups,
791 # Google domains, and service accounts. A `role` is a named list of permissions
792 # defined by IAM.
793 #
794 # **Example**
795 #
796 # {
797 # "bindings": [
798 # {
799 # "role": "roles/owner",
800 # "members": [
801 # "user:mike@example.com",
802 # "group:admins@example.com",
803 # "domain:google.com",
804 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
805 # ]
806 # },
807 # {
808 # "role": "roles/viewer",
809 # "members": ["user:sean@example.com"]
810 # }
811 # ]
812 # }
813 #
814 # For a description of IAM and its features, see the
815 # [IAM developer's guide](https://cloud.google.com/iam).
816 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
817 { # Specifies the audit configuration for a service.
818 # It consists of which permission types are logged, and what identities, if
819 # any, are exempted from logging.
820 # An AuditConifg must have one or more AuditLogConfigs.
821 #
822 # If there are AuditConfigs for both `allServices` and a specific service,
823 # the union of the two AuditConfigs is used for that service: the log_types
824 # specified in each AuditConfig are enabled, and the exempted_members in each
825 # AuditConfig are exempted.
826 # Example Policy with multiple AuditConfigs:
827 # {
828 # "audit_configs": [
829 # {
830 # "service": "allServices"
831 # "audit_log_configs": [
832 # {
833 # "log_type": "DATA_READ",
834 # "exempted_members": [
835 # "user:foo@gmail.com"
836 # ]
837 # },
838 # {
839 # "log_type": "DATA_WRITE",
840 # },
841 # {
842 # "log_type": "ADMIN_READ",
843 # }
844 # ]
845 # },
846 # {
847 # "service": "fooservice@googleapis.com"
848 # "audit_log_configs": [
849 # {
850 # "log_type": "DATA_READ",
851 # },
852 # {
853 # "log_type": "DATA_WRITE",
854 # "exempted_members": [
855 # "user:bar@gmail.com"
856 # ]
857 # }
858 # ]
859 # }
860 # ]
861 # }
862 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
863 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
864 # bar@gmail.com from DATA_WRITE logging.
865 "exemptedMembers": [
866 "A String",
867 ],
868 "auditLogConfigs": [ # The configuration for logging of each type of permission.
869 # Next ID: 4
870 { # Provides the configuration for logging a type of permissions.
871 # Example:
872 #
873 # {
874 # "audit_log_configs": [
875 # {
876 # "log_type": "DATA_READ",
877 # "exempted_members": [
878 # "user:foo@gmail.com"
879 # ]
880 # },
881 # {
882 # "log_type": "DATA_WRITE",
883 # }
884 # ]
885 # }
886 #
887 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
888 # foo@gmail.com from DATA_READ logging.
889 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
890 # permission.
891 # Follows the same format of Binding.members.
892 "A String",
893 ],
894 "logType": "A String", # The log type that this config enables.
895 },
896 ],
897 "service": "A String", # Specifies a service that will be enabled for audit logging.
898 # For example, `resourcemanager`, `storage`, `compute`.
899 # `allServices` is a special value that covers all services.
900 },
901 ],
902 "rules": [ # If more than one rule is specified, the rules are applied in the following
903 # manner:
904 # - All matching LOG rules are always applied.
905 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
906 # Logging will be applied if one or more matching rule requires logging.
907 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
908 # granted.
909 # Logging will be applied if one or more matching rule requires logging.
910 # - Otherwise, if no rule applies, permission is denied.
911 { # A rule to be applied in a Policy.
912 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
913 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
914 # The format for in and not_in entries is the same as for members in a
915 # Binding (see google/iam/v1/policy.proto).
916 "A String",
917 ],
918 "description": "A String", # Human-readable description of the rule.
919 "in": [ # If one or more 'in' clauses are specified, the rule matches if
920 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
921 "A String",
922 ],
923 "action": "A String", # Required
924 "conditions": [ # Additional restrictions that must be met
925 { # A condition to be met.
926 "iam": "A String", # Trusted attributes supplied by the IAM system.
927 "svc": "A String", # Trusted attributes discharged by the service.
928 "value": "A String", # DEPRECATED. Use 'values' instead.
929 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
930 # the IAM system for access control.
931 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
932 "A String",
933 ],
934 "op": "A String", # An operator to apply the subject with.
935 },
936 ],
937 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
938 # that match the LOG action.
939 { # Specifies what kind of log the caller must write
940 # Increment a streamz counter with the specified metric and field names.
941 #
942 # Metric names should start with a '/', generally be lowercase-only,
943 # and end in "_count". Field names should not contain an initial slash.
944 # The actual exported metric names will have "/iam/policy" prepended.
945 #
946 # Field names correspond to IAM request parameters and field values are
947 # their respective values.
948 #
949 # At present the only supported field names are
950 # - "iam_principal", corresponding to IAMContext.principal;
951 # - "" (empty string), resulting in one aggretated counter with no field.
952 #
953 # Examples:
954 # counter { metric: "/debug_access_count" field: "iam_principal" }
955 # ==> increment counter /iam/policy/backend_debug_access_count
956 # {iam_principal=[value of IAMContext.principal]}
957 #
958 # At this time we do not support:
959 # * multiple field names (though this may be supported in the future)
960 # * decrementing the counter
961 # * incrementing it by anything other than 1
962 "counter": { # Options for counters # Counter options.
963 "field": "A String", # The field value to attribute.
964 "metric": "A String", # The metric to update.
965 },
966 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
967 },
968 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
969 },
970 },
971 ],
972 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
973 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
974 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
975 "A String",
976 ],
977 },
978 ],
979 "version": 42, # Version of the `Policy`. The default version is 0.
980 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
981 # prevent simultaneous updates of a policy from overwriting each other.
982 # It is strongly suggested that systems make use of the `etag` in the
983 # read-modify-write cycle to perform policy updates in order to avoid race
984 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
985 # systems are expected to put that etag in the request to `setIamPolicy` to
986 # ensure that their change will be applied to the same version of the policy.
987 #
988 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
989 # policy is overwritten blindly.
990 "bindings": [ # Associates a list of `members` to a `role`.
991 # Multiple `bindings` must not be specified for the same `role`.
992 # `bindings` with no members will result in an error.
993 { # Associates `members` with a `role`.
994 "role": "A String", # Role that is assigned to `members`.
995 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
996 # Required
997 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
998 # `members` can have the following values:
999 #
1000 # * `allUsers`: A special identifier that represents anyone who is
1001 # on the internet; with or without a Google account.
1002 #
1003 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1004 # who is authenticated with a Google account or a service account.
1005 #
1006 # * `user:{emailid}`: An email address that represents a specific Google
1007 # account. For example, `alice@gmail.com` or `joe@example.com`.
1008 #
1009 #
1010 # * `serviceAccount:{emailid}`: An email address that represents a service
1011 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1012 #
1013 # * `group:{emailid}`: An email address that represents a Google group.
1014 # For example, `admins@example.com`.
1015 #
1016 # * `domain:{domain}`: A Google Apps domain name that represents all the
1017 # users of that domain. For example, `google.com` or `example.com`.
1018 #
1019 "A String",
1020 ],
1021 },
1022 ],
1023 "iamOwned": True or False,
1024 }</pre>
1025</div>
1026
1027<div class="method">
1028 <code class="details" id="testIamPermissions">testIamPermissions(resource=None, body, x__xgafv=None)</code>
1029 <pre>Returns permissions that a caller has on the specified resource.
1030If the resource does not exist, this will return an empty set of
1031permissions, not a NOT_FOUND error.
1032
1033Args:
1034 resource: string, REQUIRED: The resource for which the policy detail is being requested.
1035See the operation documentation for the appropriate value for this field. (required)
1036 body: object, The request body. (required)
1037 The object takes the form of:
1038
1039{ # Request message for `TestIamPermissions` method.
1040 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
1041 # wildcards (such as '*' or 'storage.*') are not allowed. For more
1042 # information see
1043 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
1044 "A String",
1045 ],
1046 }
1047
1048 x__xgafv: string, V1 error format.
1049 Allowed values
1050 1 - v1 error format
1051 2 - v2 error format
1052
1053Returns:
1054 An object of the form:
1055
1056 { # Response message for `TestIamPermissions` method.
1057 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
1058 # allowed.
1059 "A String",
1060 ],
1061 }</pre>
1062</div>
1063
1064</body></html>