blob: 281e53ecd7841c46000c4efd5d3ced229c8760e0
Sai Cheemalapati c30d2b5 2017-03-13 12:12:03 -0400
1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans-serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="spanner_v1.html">Cloud Spanner API</a> . <a href="spanner_v1.projects.html">projects</a> . <a href="spanner_v1.projects.instances.html">instances</a> . <a href="spanner_v1.projects.instances.databases.html">databases</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="spanner_v1.projects.instances.databases.operations.html">operations()</a></code>
79</p>
80<p class="firstline">Returns the operations Resource.</p>
81
82<p class="toc_element">
83 <code><a href="spanner_v1.projects.instances.databases.sessions.html">sessions()</a></code>
84</p>
85<p class="firstline">Returns the sessions Resource.</p>
86
87<p class="toc_element">
88 <code><a href="#create">create(parent=None, body, x__xgafv=None)</a></code></p>
89<p class="firstline">Creates a new Cloud Spanner database and starts to prepare it for serving.</p>
90<p class="toc_element">
91 <code><a href="#dropDatabase">dropDatabase(database, x__xgafv=None)</a></code></p>
92<p class="firstline">Drops (aka deletes) a Cloud Spanner database.</p>
93<p class="toc_element">
94 <code><a href="#get">get(name=None, x__xgafv=None)</a></code></p>
95<p class="firstline">Gets the state of a Cloud Spanner database.</p>
96<p class="toc_element">
97 <code><a href="#getDdl">getDdl(database, x__xgafv=None)</a></code></p>
98<p class="firstline">Returns the schema of a Cloud Spanner database as a list of formatted</p>
99<p class="toc_element">
100 <code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p>
101<p class="firstline">Gets the access control policy for a database resource. Returns an empty</p>
102<p class="toc_element">
103 <code><a href="#list">list(parent=None, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
104<p class="firstline">Lists Cloud Spanner databases.</p>
105<p class="toc_element">
106 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
107<p class="firstline">Retrieves the next page of results.</p>
108<p class="toc_element">
109 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
110<p class="firstline">Sets the access control policy on a database resource. Replaces any</p>
111<p class="toc_element">
112 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
113<p class="firstline">Returns permissions that the caller has on the specified database resource.</p>
114<p class="toc_element">
115 <code><a href="#updateDdl">updateDdl(database, body, x__xgafv=None)</a></code></p>
116<p class="firstline">Updates the schema of a Cloud Spanner database by</p>
117<h3>Method Details</h3>
118<div class="method">
119 <code class="details" id="create">create(parent=None, body, x__xgafv=None)</code>
120 <pre>Creates a new Cloud Spanner database and starts to prepare it for serving.
121The returned long-running operation will
122have a name of the format `<database_name>/operations/<operation_id>` and
123can be used to track preparation of the database. The
124metadata field type is
125CreateDatabaseMetadata. The
126response field type is
127Database, if successful.
128
129Args:
130 parent: string, Required. The name of the instance that will serve the new database.
131Values are of the form `projects/<project>/instances/<instance>`. (required)
132 body: object, The request body. (required)
133 The object takes the form of:
134
135{ # The request for CreateDatabase.
136 "extraStatements": [ # An optional list of DDL statements to run inside the newly created
137 # database. Statements can create tables, indexes, etc. These
138 # statements execute atomically with the creation of the database:
139 # if there is an error in any statement, the database is not created.
140 "A String",
141 ],
142 "createStatement": "A String", # Required. A `CREATE DATABASE` statement, which specifies the ID of the
143 # new database. The database ID must conform to the regular expression
144 # `a-z*[a-z0-9]` and be between 2 and 30 characters in length.
145 }
146
147 x__xgafv: string, V1 error format.
148 Allowed values
149 1 - v1 error format
150 2 - v2 error format
151
152Returns:
153 An object of the form:
154
155 { # This resource represents a long-running operation that is the result of a
156 # network API call.
157 "metadata": { # Service-specific metadata associated with the operation. It typically
158 # contains progress information and common metadata such as create time.
159 # Some services might not provide such metadata. Any method that returns a
160 # long-running operation should document the metadata type, if any.
161 "a_key": "", # Properties of the object. Contains field @type with type URL.
162 },
163 "done": True or False, # If the value is `false`, it means the operation is still in progress.
164 # If true, the operation is completed, and either `error` or `response` is
165 # available.
166 "response": { # The normal response of the operation in case of success. If the original
167 # method returns no data on success, such as `Delete`, the response is
168 # `google.protobuf.Empty`. If the original method is standard
169 # `Get`/`Create`/`Update`, the response should be the resource. For other
170 # methods, the response should have the type `XxxResponse`, where `Xxx`
171 # is the original method name. For example, if the original method name
172 # is `TakeSnapshot()`, the inferred response type is
173 # `TakeSnapshotResponse`.
174 "a_key": "", # Properties of the object. Contains field @type with type URL.
175 },
176 "name": "A String", # The server-assigned name, which is only unique within the same service that
177 # originally returns it. If you use the default HTTP mapping, the
178 # `name` should have the format of `operations/some/unique/name`.
179 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation.
180 # programming environments, including REST APIs and RPC APIs. It is used by
181 # [gRPC](https://github.com/grpc). The error model is designed to be:
182 #
183 # - Simple to use and understand for most users
184 # - Flexible enough to meet unexpected needs
185 #
186 # # Overview
187 #
188 # The `Status` message contains three pieces of data: error code, error message,
189 # and error details. The error code should be an enum value of
190 # google.rpc.Code, but it may accept additional error codes if needed. The
191 # error message should be a developer-facing English message that helps
192 # developers *understand* and *resolve* the error. If a localized user-facing
193 # error message is needed, put the localized message in the error details or
194 # localize it in the client. The optional error details may contain arbitrary
195 # information about the error. There is a predefined set of error detail types
196 # in the package `google.rpc` which can be used for common error conditions.
197 #
198 # # Language mapping
199 #
200 # The `Status` message is the logical representation of the error model, but it
201 # is not necessarily the actual wire format. When the `Status` message is
202 # exposed in different client libraries and different wire protocols, it can be
203 # mapped differently. For example, it will likely be mapped to some exceptions
204 # in Java, but more likely mapped to some error codes in C.
205 #
206 # # Other uses
207 #
208 # The error model and the `Status` message can be used in a variety of
209 # environments, either with or without APIs, to provide a
210 # consistent developer experience across different environments.
211 #
212 # Example uses of this error model include:
213 #
214 # - Partial errors. If a service needs to return partial errors to the client,
215 # it may embed the `Status` in the normal response to indicate the partial
216 # errors.
217 #
218 # - Workflow errors. A typical workflow has multiple steps. Each step may
219 # have a `Status` message for error reporting purpose.
220 #
221 # - Batch operations. If a client uses batch request and batch response, the
222 # `Status` message should be used directly inside batch response, one for
223 # each error sub-response.
224 #
225 # - Asynchronous operations. If an API call embeds asynchronous operation
226 # results in its response, the status of those operations should be
227 # represented directly using the `Status` message.
228 #
229 # - Logging. If some API errors are stored in logs, the message `Status` could
230 # be used directly after any stripping needed for security/privacy reasons.
231 "message": "A String", # A developer-facing error message, which should be in English. Any
232 # user-facing error message should be localized and sent in the
233 # google.rpc.Status.details field, or localized by the client.
234 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
235 "details": [ # A list of messages that carry the error details. There will be a
236 # common set of message types for APIs to use.
237 {
238 "a_key": "", # Properties of the object. Contains field @type with type URL.
239 },
240 ],
241 },
242 }</pre>
243</div>
244
245<div class="method">
246 <code class="details" id="dropDatabase">dropDatabase(database, x__xgafv=None)</code>
247 <pre>Drops (aka deletes) a Cloud Spanner database.
248
249Args:
250 database: string, Required. The database to be dropped. (required)
251 x__xgafv: string, V1 error format.
252 Allowed values
253 1 - v1 error format
254 2 - v2 error format
255
256Returns:
257 An object of the form:
258
259 { # A generic empty message that you can re-use to avoid defining duplicated
260 # empty messages in your APIs. A typical example is to use it as the request
261 # or the response type of an API method. For instance:
262 #
263 # service Foo {
264 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
265 # }
266 #
267 # The JSON representation for `Empty` is empty JSON object `{}`.
268 }</pre>
269</div>
270
271<div class="method">
272 <code class="details" id="get">get(name=None, x__xgafv=None)</code>
273 <pre>Gets the state of a Cloud Spanner database.
274
275Args:
276 name: string, Required. The name of the requested database. Values are of the form
277`projects/<project>/instances/<instance>/databases/<database>`. (required)
278 x__xgafv: string, V1 error format.
279 Allowed values
280 1 - v1 error format
281 2 - v2 error format
282
283Returns:
284 An object of the form:
285
286 { # A Cloud Spanner database.
287 "state": "A String", # Output only. The current database state.
288 "name": "A String", # Required. The name of the database. Values are of the form
289 # `projects/<project>/instances/<instance>/databases/<database>`,
290 # where `<database>` is as specified in the `CREATE DATABASE`
291 # statement. This name can be passed to other API methods to
292 # identify the database.
293 }</pre>
294</div>
295
296<div class="method">
297 <code class="details" id="getDdl">getDdl(database, x__xgafv=None)</code>
298 <pre>Returns the schema of a Cloud Spanner database as a list of formatted
299DDL statements. This method does not show pending schema updates; those may
300be queried using the Operations API.
301
302Args:
303 database: string, Required. The database whose schema we wish to get. (required)
304 x__xgafv: string, V1 error format.
305 Allowed values
306 1 - v1 error format
307 2 - v2 error format
308
309Returns:
310 An object of the form:
311
312 { # The response for GetDatabaseDdl.
313 "statements": [ # A list of formatted DDL statements defining the schema of the database
314 # specified in the request.
315 "A String",
316 ],
317 }</pre>
318</div>
319
320<div class="method">
321 <code class="details" id="getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</code>
322 <pre>Gets the access control policy for a database resource. Returns an empty
323policy if a database exists but does not have a policy set.
324
325Authorization requires `spanner.databases.getIamPolicy` permission on
326resource.
327
328Args:
329 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being retrieved. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required)
330 body: object, The request body. (required)
331 The object takes the form of:
332
333{ # Request message for `GetIamPolicy` method.
334 }
335
336 x__xgafv: string, V1 error format.
337 Allowed values
338 1 - v1 error format
339 2 - v2 error format
340
341Returns:
342 An object of the form:
343
344 { # Defines an Identity and Access Management (IAM) policy. It is used to
345 # specify access control policies for Cloud Platform resources.
346 #
347 #
348 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
349 # `members` to a `role`, where the members can be user accounts, Google groups,
350 # Google domains, and service accounts. A `role` is a named list of permissions
351 # defined by IAM.
352 #
353 # **Example**
354 #
355 # {
356 # "bindings": [
357 # {
358 # "role": "roles/owner",
359 # "members": [
360 # "user:mike@example.com",
361 # "group:admins@example.com",
362 # "domain:google.com",
363 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
364 # ]
365 # },
366 # {
367 # "role": "roles/viewer",
368 # "members": ["user:sean@example.com"]
369 # }
370 # ]
371 # }
372 #
373 # For a description of IAM and its features, see the
374 # [IAM developer's guide](https://cloud.google.com/iam).
375 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
376 { # Specifies the audit configuration for a service.
377 # It consists of which permission types are logged, and what identities, if
378 # any, are exempted from logging.
379 # An AuditConfig must have one or more AuditLogConfigs.
380 "exemptedMembers": [ # Specifies the identities that are exempted from "data access" audit
381 # logging for the `service` specified above.
382 # Follows the same format of Binding.members.
383 # This field is deprecated in favor of per-permission-type exemptions.
384 "A String",
385 ],
386 "auditLogConfigs": [ # The configuration for logging of each type of permission.
387 # Next ID: 4
388 { # Provides the configuration for logging a type of permissions.
389 # Example:
390 #
391 # {
392 # "audit_log_configs": [
393 # {
394 # "log_type": "DATA_READ",
395 # "exempted_members": [
396 # "user:foo@gmail.com"
397 # ]
398 # },
399 # {
400 # "log_type": "DATA_WRITE",
401 # }
402 # ]
403 # }
404 #
405 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
406 # foo@gmail.com from DATA_READ logging.
407 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
408 # permission.
409 # Follows the same format of Binding.members.
410 "A String",
411 ],
412 "logType": "A String", # The log type that this config enables.
413 },
414 ],
415 "service": "A String", # Specifies a service that will be enabled for audit logging.
416 # For example, `resourcemanager`, `storage`, `compute`.
417 # `allServices` is a special value that covers all services.
418 },
419 ],
420 "rules": [ # If more than one rule is specified, the rules are applied in the following
421 # manner:
422 # - All matching LOG rules are always applied.
423 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
424 # Logging will be applied if one or more matching rule requires logging.
425 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
426 # granted.
427 # Logging will be applied if one or more matching rule requires logging.
428 # - Otherwise, if no rule applies, permission is denied.
429 { # A rule to be applied in a Policy.
430 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
431 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
432 # The format for in and not_in entries is the same as for members in a
433 # Binding (see google/iam/v1/policy.proto).
434 "A String",
435 ],
436 "description": "A String", # Human-readable description of the rule.
437 "in": [ # If one or more 'in' clauses are specified, the rule matches if
438 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
439 "A String",
440 ],
441 "action": "A String", # Required
442 "conditions": [ # Additional restrictions that must be met
443 { # A condition to be met.
444 "iam": "A String", # Trusted attributes supplied by the IAM system.
445 "svc": "A String", # Trusted attributes discharged by the service.
446 "value": "A String", # DEPRECATED. Use 'values' instead.
447 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
448 # the IAM system for access control.
449 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
450 "A String",
451 ],
452 "op": "A String", # An operator to apply the subject with.
453 },
454 ],
455 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
456 # that match the LOG action.
457 { # Specifies what kind of log the caller must write
458 # Increment a streamz counter with the specified metric and field names.
459 #
460 # Metric names should start with a '/', generally be lowercase-only,
461 # and end in "_count". Field names should not contain an initial slash.
462 # The actual exported metric names will have "/iam/policy" prepended.
463 #
464 # Field names correspond to IAM request parameters and field values are
465 # their respective values.
466 #
467 # At present the only supported field names are
468 # - "iam_principal", corresponding to IAMContext.principal;
469 # - "" (empty string), resulting in one aggregated counter with no field.
470 #
471 # Examples:
472 # counter { metric: "/debug_access_count" field: "iam_principal" }
473 # ==> increment counter /iam/policy/backend_debug_access_count
474 # {iam_principal=[value of IAMContext.principal]}
475 #
476 # At this time we do not support:
477 # * multiple field names (though this may be supported in the future)
478 # * decrementing the counter
479 # * incrementing it by anything other than 1
480 "counter": { # Options for counters # Counter options.
481 "field": "A String", # The field value to attribute.
482 "metric": "A String", # The metric to update.
483 },
484 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
485 },
486 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
487 },
488 },
489 ],
490 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
491 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
492 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
493 "A String",
494 ],
495 },
496 ],
497 "version": 42, # Version of the `Policy`. The default version is 0.
498 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
499 # prevent simultaneous updates of a policy from overwriting each other.
500 # It is strongly suggested that systems make use of the `etag` in the
501 # read-modify-write cycle to perform policy updates in order to avoid race
502 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
503 # systems are expected to put that etag in the request to `setIamPolicy` to
504 # ensure that their change will be applied to the same version of the policy.
505 #
506 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
507 # policy is overwritten blindly.
508 "bindings": [ # Associates a list of `members` to a `role`.
509 # Multiple `bindings` must not be specified for the same `role`.
510 # `bindings` with no members will result in an error.
511 { # Associates `members` with a `role`.
512 "role": "A String", # Role that is assigned to `members`.
513 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
514 # Required
515 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
516 # `members` can have the following values:
517 #
518 # * `allUsers`: A special identifier that represents anyone who is
519 # on the internet; with or without a Google account.
520 #
521 # * `allAuthenticatedUsers`: A special identifier that represents anyone
522 # who is authenticated with a Google account or a service account.
523 #
524 # * `user:{emailid}`: An email address that represents a specific Google
525 # account. For example, `alice@gmail.com` or `joe@example.com`.
526 #
527 #
528 # * `serviceAccount:{emailid}`: An email address that represents a service
529 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
530 #
531 # * `group:{emailid}`: An email address that represents a Google group.
532 # For example, `admins@example.com`.
533 #
534 # * `domain:{domain}`: A Google Apps domain name that represents all the
535 # users of that domain. For example, `google.com` or `example.com`.
536 #
537 "A String",
538 ],
539 },
540 ],
541 "iamOwned": True or False,
542 }</pre>
543</div>
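<p>The <code>etag</code> comment above describes a read-modify-write cycle between <code>getIamPolicy</code> and <code>setIamPolicy</code>, and the <code>bindings</code> comment requires one binding per role. The following is an added example, not part of the generated reference or of the client library, that sends the etag on every write, retries on a stale etag, and refuses a change that newly grants <code>allUsers</code> or <code>allAuthenticatedUsers</code>. The helper names, <code>FakeDatabases</code> and the resource name are hypothetical, and it assumes a stale etag surfaces as an HTTP 409 error exposing <code>resp.status</code>.</p>

```python
import copy
from types import SimpleNamespace

PUBLIC = {"allUsers", "allAuthenticatedUsers"}  # special member values listed on this page


def grant(policy, role, member):
    """Return a copy of `policy` with `member` in the single binding for `role`."""
    new = copy.deepcopy(policy)
    for binding in new.setdefault("bindings", []):
        if binding.get("role") == role:  # one binding per role: merge, never duplicate
            if member not in binding.setdefault("members", []):
                binding["members"].append(member)
            return new
    new["bindings"].append({"role": role, "members": [member]})
    return new


def public_grants(policy):
    """List (role, member) pairs that open the resource to everyone."""
    return [(b.get("role"), m) for b in policy.get("bindings", [])
            for m in b.get("members", []) if m in PUBLIC]


def _is_conflict(exc):
    # Assumption: a stale etag surfaces as HTTP 409 on an error object that
    # exposes `resp.status`, as googleapiclient.errors.HttpError does.
    return getattr(getattr(exc, "resp", None), "status", None) == 409


def update_policy(databases, resource, mutate, max_attempts=5):
    """Read-modify-write the policy on `resource`, always sending the etag."""
    for _ in range(max_attempts):
        current = databases.getIamPolicy(resource=resource, body={}).execute()
        if not current.get("etag"):
            raise ValueError("no etag returned; refusing a blind overwrite")
        already_public = set(public_grants(current))  # snapshot before mutate runs
        desired = mutate(current)
        desired["etag"] = current["etag"]  # ties the write to the version we read
        introduced = set(public_grants(desired)) - already_public
        if introduced:
            raise ValueError("refusing new public grant: %r" % sorted(introduced))
        try:
            return databases.setIamPolicy(
                resource=resource, body={"policy": desired}).execute()
        except Exception as exc:
            if not _is_conflict(exc):
                raise  # anything other than a stale etag is a real failure
    raise RuntimeError("policy kept changing; gave up after %d attempts" % max_attempts)


class _Call:
    """Mimics the request object returned by each API method."""
    def __init__(self, fn):
        self.execute = fn


class FakeDatabases:
    """Constructed in-memory stand-in for the databases() resource (not the real client)."""
    def __init__(self, policy):
        self.policy, self._rev, self._raced = dict(policy, etag="rev-0"), 0, False

    def _store(self, policy):
        self._rev += 1
        self.policy = dict(copy.deepcopy(policy), etag="rev-%d" % self._rev)
        return copy.deepcopy(self.policy)

    def getIamPolicy(self, resource, body):
        def run():
            snapshot = copy.deepcopy(self.policy)
            if not self._raced:  # simulate another admin writing after our read
                self._raced = True
                self._store(grant(self.policy, "roles/viewer", "user:sean@example.com"))
            return snapshot
        return _Call(run)

    def setIamPolicy(self, resource, body):
        def run():
            if body["policy"].get("etag") != self.policy["etag"]:
                err = Exception("etag mismatch")
                err.resp = SimpleNamespace(status=409)
                raise err
            return self._store(body["policy"])
        return _Call(run)


RESOURCE = "projects/p/instances/i/databases/d"  # constructed resource name


def demo():
    """First write loses the race, the retry merges with the other admin's change."""
    db = FakeDatabases({"bindings": [
        {"role": "roles/owner", "members": ["user:mike@example.com"]}]})
    return update_policy(
        db, RESOURCE, lambda p: grant(p, "roles/viewer", "group:admins@example.com"))


if __name__ == "__main__":
    print(demo())
```

Against the real client, pass the object returned by `databases()` in place of `FakeDatabases`; the concurrent writer's `roles/viewer` member survives because the retry re-reads the policy instead of overwriting it.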
544
545<div class="method">
546 <code class="details" id="list">list(parent=None, pageToken=None, x__xgafv=None, pageSize=None)</code>
547 <pre>Lists Cloud Spanner databases.
548
549Args:
550 parent: string, Required. The instance whose databases should be listed.
551Values are of the form `projects/<project>/instances/<instance>`. (required)
552 pageToken: string, If non-empty, `page_token` should contain a
553next_page_token from a
554previous ListDatabasesResponse.
555 x__xgafv: string, V1 error format.
556 Allowed values
557 1 - v1 error format
558 2 - v2 error format
559 pageSize: integer, Number of databases to be returned in the response. If 0 or less,
560defaults to the server's maximum allowed page size.
561
562Returns:
563 An object of the form:
564
565 { # The response for ListDatabases.
566 "nextPageToken": "A String", # `next_page_token` can be sent in a subsequent
567 # ListDatabases call to fetch more
568 # of the matching databases.
569 "databases": [ # Databases that matched the request.
570 { # A Cloud Spanner database.
571 "state": "A String", # Output only. The current database state.
572 "name": "A String", # Required. The name of the database. Values are of the form
573 # `projects/<project>/instances/<instance>/databases/<database>`,
574 # where `<database>` is as specified in the `CREATE DATABASE`
575 # statement. This name can be passed to other API methods to
576 # identify the database.
577 },
578 ],
579 }</pre>
580</div>
581
582<div class="method">
583 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
584 <pre>Retrieves the next page of results.
585
586Args:
587 previous_request: The request for the previous page. (required)
588 previous_response: The response from the request for the previous page. (required)
589
590Returns:
591 A request object that you can call 'execute()' on to request the next
592 page. Returns None if there are no more items in the collection.
593 </pre>
594</div>
595
596<div class="method">
597 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
598 <pre>Sets the access control policy on a database resource. Replaces any
599existing policy.
600
601Authorization requires `spanner.databases.setIamPolicy` permission on
602resource.
603
604Args:
605 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being set. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required)
606 body: object, The request body. (required)
607 The object takes the form of:
608
609{ # Request message for `SetIamPolicy` method.
610 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
611 # the policy is limited to a few 10s of KB. An empty policy is a
612 # valid policy but certain Cloud Platform services (such as Projects)
613 # might reject them.
614 # specify access control policies for Cloud Platform resources.
615 #
616 #
617 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
618 # `members` to a `role`, where the members can be user accounts, Google groups,
619 # Google domains, and service accounts. A `role` is a named list of permissions
620 # defined by IAM.
621 #
622 # **Example**
623 #
624 # {
625 # "bindings": [
626 # {
627 # "role": "roles/owner",
628 # "members": [
629 # "user:mike@example.com",
630 # "group:admins@example.com",
631 # "domain:google.com",
632 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
633 # ]
634 # },
635 # {
636 # "role": "roles/viewer",
637 # "members": ["user:sean@example.com"]
638 # }
639 # ]
640 # }
641 #
642 # For a description of IAM and its features, see the
643 # [IAM developer's guide](https://cloud.google.com/iam).
644 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
645 { # Specifies the audit configuration for a service.
646 # It consists of which permission types are logged, and what identities, if
647 # any, are exempted from logging.
648 # An AuditConfig must have one or more AuditLogConfigs.
649 "exemptedMembers": [ # Specifies the identities that are exempted from "data access" audit
650 # logging for the `service` specified above.
651 # Follows the same format of Binding.members.
652 # This field is deprecated in favor of per-permission-type exemptions.
653 "A String",
654 ],
655 "auditLogConfigs": [ # The configuration for logging of each type of permission.
656 # Next ID: 4
657 { # Provides the configuration for logging a type of permissions.
658 # Example:
659 #
660 # {
661 # "audit_log_configs": [
662 # {
663 # "log_type": "DATA_READ",
664 # "exempted_members": [
665 # "user:foo@gmail.com"
666 # ]
667 # },
668 # {
669 # "log_type": "DATA_WRITE",
670 # }
671 # ]
672 # }
673 #
674 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
675 # foo@gmail.com from DATA_READ logging.
676 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
677 # permission.
678 # Follows the same format of Binding.members.
679 "A String",
680 ],
681 "logType": "A String", # The log type that this config enables.
682 },
683 ],
684 "service": "A String", # Specifies a service that will be enabled for audit logging.
685 # For example, `resourcemanager`, `storage`, `compute`.
686 # `allServices` is a special value that covers all services.
687 },
688 ],
689 "rules": [ # If more than one rule is specified, the rules are applied in the following
690 # manner:
691 # - All matching LOG rules are always applied.
692 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
693 # Logging will be applied if one or more matching rule requires logging.
694 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
695 # granted.
696 # Logging will be applied if one or more matching rule requires logging.
697 # - Otherwise, if no rule applies, permission is denied.
698 { # A rule to be applied in a Policy.
699 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
700 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
701 # The format for in and not_in entries is the same as for members in a
702 # Binding (see google/iam/v1/policy.proto).
703 "A String",
704 ],
705 "description": "A String", # Human-readable description of the rule.
706 "in": [ # If one or more 'in' clauses are specified, the rule matches if
707 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
708 "A String",
709 ],
710 "action": "A String", # Required
711 "conditions": [ # Additional restrictions that must be met
712 { # A condition to be met.
713 "iam": "A String", # Trusted attributes supplied by the IAM system.
714 "svc": "A String", # Trusted attributes discharged by the service.
715 "value": "A String", # DEPRECATED. Use 'values' instead.
716 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
717 # the IAM system for access control.
718 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
719 "A String",
720 ],
721 "op": "A String", # An operator to apply the subject with.
722 },
723 ],
724 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
725 # that match the LOG action.
726 { # Specifies what kind of log the caller must write
727 # Increment a streamz counter with the specified metric and field names.
728 #
729 # Metric names should start with a '/', generally be lowercase-only,
730 # and end in "_count". Field names should not contain an initial slash.
731 # The actual exported metric names will have "/iam/policy" prepended.
732 #
733 # Field names correspond to IAM request parameters and field values are
734 # their respective values.
735 #
736 # At present the only supported field names are
737 # - "iam_principal", corresponding to IAMContext.principal;
738 # - "" (empty string), resulting in one aggregated counter with no field.
739 #
740 # Examples:
741 # counter { metric: "/debug_access_count" field: "iam_principal" }
742 # ==> increment counter /iam/policy/backend_debug_access_count
743 # {iam_principal=[value of IAMContext.principal]}
744 #
745 # At this time we do not support:
746 # * multiple field names (though this may be supported in the future)
747 # * decrementing the counter
748 # * incrementing it by anything other than 1
749 "counter": { # Options for counters # Counter options.
750 "field": "A String", # The field value to attribute.
751 "metric": "A String", # The metric to update.
752 },
753 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
754 },
755 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
756 },
757 },
758 ],
759 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
760 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
761 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
762 "A String",
763 ],
764 },
765 ],
766 "version": 42, # Version of the `Policy`. The default version is 0.
767 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
768 # prevent simultaneous updates of a policy from overwriting each other.
769 # It is strongly suggested that systems make use of the `etag` in the
770 # read-modify-write cycle to perform policy updates in order to avoid race
771 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
772 # systems are expected to put that etag in the request to `setIamPolicy` to
773 # ensure that their change will be applied to the same version of the policy.
774 #
775 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
776 # policy is overwritten blindly.
777 "bindings": [ # Associates a list of `members` to a `role`.
778 # Multiple `bindings` must not be specified for the same `role`.
779 # `bindings` with no members will result in an error.
780 { # Associates `members` with a `role`.
781 "role": "A String", # Role that is assigned to `members`.
782 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
783 # Required
784 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
785 # `members` can have the following values:
786 #
787 # * `allUsers`: A special identifier that represents anyone who is
788 # on the internet; with or without a Google account.
789 #
790 # * `allAuthenticatedUsers`: A special identifier that represents anyone
791 # who is authenticated with a Google account or a service account.
792 #
793 # * `user:{emailid}`: An email address that represents a specific Google
794 # account. For example, `alice@gmail.com` or `joe@example.com`.
795 #
796 #
797 # * `serviceAccount:{emailid}`: An email address that represents a service
798 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
799 #
800 # * `group:{emailid}`: An email address that represents a Google group.
801 # For example, `admins@example.com`.
802 #
803 # * `domain:{domain}`: A Google Apps domain name that represents all the
804 # users of that domain. For example, `google.com` or `example.com`.
805 #
806 "A String",
807 ],
808 },
809 ],
810 "iamOwned": True or False,
811 },
812 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
813 # the fields in the mask will be modified. If no mask is provided, a default
814 # mask is used:
815 # paths: "bindings, etag"
816 # This field is only used by Cloud IAM.
817 }
818
819 x__xgafv: string, V1 error format.
820 Allowed values
821 1 - v1 error format
822 2 - v2 error format
823
824Returns:
825 An object of the form:
826
827 { # Defines an Identity and Access Management (IAM) policy. It is used to
828 # specify access control policies for Cloud Platform resources.
829 #
830 #
831 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
832 # `members` to a `role`, where the members can be user accounts, Google groups,
833 # Google domains, and service accounts. A `role` is a named list of permissions
834 # defined by IAM.
835 #
836 # **Example**
837 #
838 # {
839 # "bindings": [
840 # {
841 # "role": "roles/owner",
842 # "members": [
843 # "user:mike@example.com",
844 # "group:admins@example.com",
845 # "domain:google.com",
846 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
847 # ]
848 # },
849 # {
850 # "role": "roles/viewer",
851 # "members": ["user:sean@example.com"]
852 # }
853 # ]
854 # }
855 #
856 # For a description of IAM and its features, see the
857 # [IAM developer's guide](https://cloud.google.com/iam).
858 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
859 { # Specifies the audit configuration for a service.
860 # It consists of which permission types are logged, and what identities, if
861 # any, are exempted from logging.
862 # An AuditConfig must have one or more AuditLogConfigs.
863 "exemptedMembers": [ # Specifies the identities that are exempted from "data access" audit
864 # logging for the `service` specified above.
865 # Follows the same format of Binding.members.
866 # This field is deprecated in favor of per-permission-type exemptions.
867 "A String",
868 ],
869 "auditLogConfigs": [ # The configuration for logging of each type of permission.
870 # Next ID: 4
871 { # Provides the configuration for logging a type of permissions.
872 # Example:
873 #
874 # {
875 # "audit_log_configs": [
876 # {
877 # "log_type": "DATA_READ",
878 # "exempted_members": [
879 # "user:foo@gmail.com"
880 # ]
881 # },
882 # {
883 # "log_type": "DATA_WRITE",
884 # }
885 # ]
886 # }
887 #
888 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
889 # foo@gmail.com from DATA_READ logging.
890 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
891 # permission.
892 # Follows the same format of Binding.members.
893 "A String",
894 ],
895 "logType": "A String", # The log type that this config enables.
896 },
897 ],
898 "service": "A String", # Specifies a service that will be enabled for audit logging.
899 # For example, `resourcemanager`, `storage`, `compute`.
900 # `allServices` is a special value that covers all services.
901 },
902 ],
903 "rules": [ # If more than one rule is specified, the rules are applied in the following
904 # manner:
905 # - All matching LOG rules are always applied.
906 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
907 # Logging will be applied if one or more matching rule requires logging.
908 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
909 # granted.
910 # Logging will be applied if one or more matching rule requires logging.
911 # - Otherwise, if no rule applies, permission is denied.
912 { # A rule to be applied in a Policy.
913 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
914 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
915 # The format for in and not_in entries is the same as for members in a
916 # Binding (see google/iam/v1/policy.proto).
917 "A String",
918 ],
919 "description": "A String", # Human-readable description of the rule.
920 "in": [ # If one or more 'in' clauses are specified, the rule matches if
921 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
922 "A String",
923 ],
924 "action": "A String", # Required
925 "conditions": [ # Additional restrictions that must be met
926 { # A condition to be met.
927 "iam": "A String", # Trusted attributes supplied by the IAM system.
928 "svc": "A String", # Trusted attributes discharged by the service.
929 "value": "A String", # DEPRECATED. Use 'values' instead.
930 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
931 # the IAM system for access control.
932 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
933 "A String",
934 ],
935 "op": "A String", # An operator to apply the subject with.
936 },
937 ],
938 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
939 # that match the LOG action.
940 { # Specifies what kind of log the caller must write
941 # Increment a streamz counter with the specified metric and field names.
942 #
943 # Metric names should start with a '/', generally be lowercase-only,
944 # and end in "_count". Field names should not contain an initial slash.
945 # The actual exported metric names will have "/iam/policy" prepended.
946 #
947 # Field names correspond to IAM request parameters and field values are
948 # their respective values.
949 #
950 # At present the only supported field names are
951 # - "iam_principal", corresponding to IAMContext.principal;
952 # - "" (empty string), resulting in one aggregated counter with no field.
953 #
954 # Examples:
955 # counter { metric: "/debug_access_count" field: "iam_principal" }
956 # ==> increment counter /iam/policy/backend_debug_access_count
957 # {iam_principal=[value of IAMContext.principal]}
958 #
959 # At this time we do not support:
960 # * multiple field names (though this may be supported in the future)
961 # * decrementing the counter
962 # * incrementing it by anything other than 1
963 "counter": { # Options for counters # Counter options.
964 "field": "A String", # The field value to attribute.
965 "metric": "A String", # The metric to update.
966 },
967 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
968 },
969 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
970 },
971 },
972 ],
973 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
974 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
975 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
976 "A String",
977 ],
978 },
979 ],
980 "version": 42, # Version of the `Policy`. The default version is 0.
981 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
982 # prevent simultaneous updates of a policy from overwriting each other.
983 # It is strongly suggested that systems make use of the `etag` in the
984 # read-modify-write cycle to perform policy updates in order to avoid race
985 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
986 # systems are expected to put that etag in the request to `setIamPolicy` to
987 # ensure that their change will be applied to the same version of the policy.
988 #
989 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
990 # policy is overwritten blindly.
991 "bindings": [ # Associates a list of `members` to a `role`.
992 # Multiple `bindings` must not be specified for the same `role`.
993 # `bindings` with no members will result in an error.
994 { # Associates `members` with a `role`.
995 "role": "A String", # Role that is assigned to `members`.
996 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
997 # Required
998 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
999 # `members` can have the following values:
1000 #
1001 # * `allUsers`: A special identifier that represents anyone who is
1002 # on the internet; with or without a Google account.
1003 #
1004 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1005 # who is authenticated with a Google account or a service account.
1006 #
1007 # * `user:{emailid}`: An email address that represents a specific Google
1008 # account. For example, `alice@gmail.com` or `joe@example.com`.
1009 #
1010 #
1011 # * `serviceAccount:{emailid}`: An email address that represents a service
1012 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1013 #
1014 # * `group:{emailid}`: An email address that represents a Google group.
1015 # For example, `admins@example.com`.
1016 #
1017 # * `domain:{domain}`: A Google Apps domain name that represents all the
1018 # users of that domain. For example, `google.com` or `example.com`.
1019 #
1020 "A String",
1021 ],
1022 },
1023 ],
1024 "iamOwned": True or False,
1025 }</pre>
1026</div>
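<p>Added example (not part of the generated API reference or the client library): the `etag` read-modify-write cycle described for `setIamPolicy`, used to remove the public identifiers `allUsers` and `allAuthenticatedUsers` without discarding a concurrent change. `update_policy`, `drop_public_members`, `EtagMismatch` and `FakePolicyStore` are hypothetical names, and the `rev-N` etag values are constructed.</p>

```python
import copy

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


class EtagMismatch(Exception):
    """Hypothetical error: the submitted etag is not the stored one."""


def drop_public_members(policy):
    """Return a copy of policy with the two public identifiers removed."""
    cleaned = copy.deepcopy(policy)
    kept = []
    for binding in cleaned.get("bindings", []):
        binding["members"] = [
            m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS
        ]
        # Bindings with no members are an error, so drop emptied ones.
        if binding["members"]:
            kept.append(binding)
    cleaned["bindings"] = kept
    return cleaned


def update_policy(get_policy, set_policy, mutate, max_attempts=5):
    """Read-modify-write: re-read and re-apply mutate on every etag conflict."""
    for _ in range(max_attempts):
        current = get_policy()
        if not current.get("etag"):
            raise ValueError("no etag returned; refusing a blind overwrite")
        updated = mutate(current)
        updated["etag"] = current["etag"]  # pin the write to the version read
        try:
            return set_policy(updated)
        except EtagMismatch:
            continue  # someone else wrote first; start again from their version
    raise RuntimeError("policy changed on every attempt; giving up")


class FakePolicyStore:
    """Constructed in-memory stand-in for getIamPolicy/setIamPolicy."""

    def __init__(self, policy):
        self._rev = 1
        self._policy = dict(copy.deepcopy(policy), etag="rev-1")

    def get(self):
        return copy.deepcopy(self._policy)

    def set(self, policy):
        etag = policy.get("etag")
        if etag and etag != self._policy["etag"]:
            raise EtagMismatch(etag)
        # No etag supplied: the stored policy is overwritten blindly.
        self._rev += 1
        self._policy = dict(copy.deepcopy(policy), etag="rev-%d" % self._rev)
        return self.get()
```

<p>With the client documented here, `get_policy` and `set_policy` would wrap the `getIamPolicy` and `setIamPolicy` calls; this page does not say how the service reports an etag conflict, so mapping that error to `EtagMismatch` is left to the caller.</p>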
1027
1028<div class="method">
1029 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
1030 <pre>Returns permissions that the caller has on the specified database resource.
1031
1032Attempting this RPC on a non-existent Cloud Spanner database will result in
1033a NOT_FOUND error if the user has `spanner.databases.list` permission on
1034the containing Cloud Spanner instance. Otherwise returns an empty set of
1035permissions.
1036
1037Args:
1038 resource: string, REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required)
1039 body: object, The request body. (required)
1040 The object takes the form of:
1041
1042{ # Request message for `TestIamPermissions` method.
1043 "permissions": [ # REQUIRED: The set of permissions to check for 'resource'.
1044 # Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed.
1045 "A String",
1046 ],
1047 }
1048
1049 x__xgafv: string, V1 error format.
1050 Allowed values
1051 1 - v1 error format
1052 2 - v2 error format
1053
1054Returns:
1055 An object of the form:
1056
1057 { # Response message for `TestIamPermissions` method.
1058 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
1059 # allowed.
1060 "A String",
1061 ],
1062 }</pre>
1063</div>
1064
1065<div class="method">
1066 <code class="details" id="updateDdl">updateDdl(database, body, x__xgafv=None)</code>
1067 <pre>Updates the schema of a Cloud Spanner database by
1068creating/altering/dropping tables, columns, indexes, etc. The returned
1069long-running operation will have a name of
1070the format `<database_name>/operations/<operation_id>` and can be used to
1071track execution of the schema change(s). The
1072metadata field type is
1073UpdateDatabaseDdlMetadata. The operation has no response.
1074
1075Args:
1076 database: string, Required. The database to update. (required)
1077 body: object, The request body. (required)
1078 The object takes the form of:
1079
1080{ # Enqueues the given DDL statements to be applied, in order but not
1081 # necessarily all at once, to the database schema at some point (or
1082 # points) in the future. The server checks that the statements
1083 # are executable (syntactically valid, name tables that exist, etc.)
1084 # before enqueueing them, but they may still fail upon
1085 # later execution (e.g., if a statement from another batch of
1086 # statements is applied first and it conflicts in some way, or if
1087 # there is some data-related problem like a `NULL` value in a column to
1088 # which `NOT NULL` would be added). If a statement fails, all
1089 # subsequent statements in the batch are automatically cancelled.
1090 #
1091 # Each batch of statements is assigned a name which can be used with
1092 # the Operations API to monitor
1093 # progress. See the
1094 # operation_id field for more
1095 # details.
1096 "statements": [ # DDL statements to be applied to the database.
1097 "A String",
1098 ],
1099 "operationId": "A String", # If empty, the new update request is assigned an
1100 # automatically-generated operation ID. Otherwise, `operation_id`
1101 # is used to construct the name of the resulting
1102 # Operation.
1103 #
1104 # Specifying an explicit operation ID simplifies determining
1105 # whether the statements were executed in the event that the
1106 # UpdateDatabaseDdl call is replayed,
1107 # or the return value is otherwise lost: the database and
1108 # `operation_id` fields can be combined to form the
1109 # name of the resulting
1110 # longrunning.Operation: `<database>/operations/<operation_id>`.
1111 #
1112 # `operation_id` should be unique within the database, and must be
1113 # a valid identifier: `a-z*`. Note that
1114 # automatically-generated operation IDs always begin with an
1115 # underscore. If the named operation already exists,
1116 # UpdateDatabaseDdl returns
1117 # `ALREADY_EXISTS`.
1118 }
1119
1120 x__xgafv: string, V1 error format.
1121 Allowed values
1122 1 - v1 error format
1123 2 - v2 error format
1124
1125Returns:
1126 An object of the form:
1127
1128 { # This resource represents a long-running operation that is the result of a
1129 # network API call.
1130 "metadata": { # Service-specific metadata associated with the operation. It typically
1131 # contains progress information and common metadata such as create time.
1132 # Some services might not provide such metadata. Any method that returns a
1133 # long-running operation should document the metadata type, if any.
1134 "a_key": "", # Properties of the object. Contains field @type with type URL.
1135 },
1136 "done": True or False, # If the value is `false`, it means the operation is still in progress.
1137 # If true, the operation is completed, and either `error` or `response` is
1138 # available.
1139 "response": { # The normal response of the operation in case of success. If the original
1140 # method returns no data on success, such as `Delete`, the response is
1141 # `google.protobuf.Empty`. If the original method is standard
1142 # `Get`/`Create`/`Update`, the response should be the resource. For other
1143 # methods, the response should have the type `XxxResponse`, where `Xxx`
1144 # is the original method name. For example, if the original method name
1145 # is `TakeSnapshot()`, the inferred response type is
1146 # `TakeSnapshotResponse`.
1147 "a_key": "", # Properties of the object. Contains field @type with type URL.
1148 },
1149 "name": "A String", # The server-assigned name, which is only unique within the same service that
1150 # originally returns it. If you use the default HTTP mapping, the
1151 # `name` should have the format of `operations/some/unique/name`.
1152 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation.
1153 # programming environments, including REST APIs and RPC APIs. It is used by
1154 # [gRPC](https://github.com/grpc). The error model is designed to be:
1155 #
1156 # - Simple to use and understand for most users
1157 # - Flexible enough to meet unexpected needs
1158 #
1159 # # Overview
1160 #
1161 # The `Status` message contains three pieces of data: error code, error message,
1162 # and error details. The error code should be an enum value of
1163 # google.rpc.Code, but it may accept additional error codes if needed. The
1164 # error message should be a developer-facing English message that helps
1165 # developers *understand* and *resolve* the error. If a localized user-facing
1166 # error message is needed, put the localized message in the error details or
1167 # localize it in the client. The optional error details may contain arbitrary
1168 # information about the error. There is a predefined set of error detail types
1169 # in the package `google.rpc` which can be used for common error conditions.
1170 #
1171 # # Language mapping
1172 #
1173 # The `Status` message is the logical representation of the error model, but it
1174 # is not necessarily the actual wire format. When the `Status` message is
1175 # exposed in different client libraries and different wire protocols, it can be
1176 # mapped differently. For example, it will likely be mapped to some exceptions
1177 # in Java, but more likely mapped to some error codes in C.
1178 #
1179 # # Other uses
1180 #
1181 # The error model and the `Status` message can be used in a variety of
1182 # environments, either with or without APIs, to provide a
1183 # consistent developer experience across different environments.
1184 #
1185 # Example uses of this error model include:
1186 #
1187 # - Partial errors. If a service needs to return partial errors to the client,
1188 # it may embed the `Status` in the normal response to indicate the partial
1189 # errors.
1190 #
1191 # - Workflow errors. A typical workflow has multiple steps. Each step may
1192 # have a `Status` message for error reporting purpose.
1193 #
1194 # - Batch operations. If a client uses batch request and batch response, the
1195 # `Status` message should be used directly inside batch response, one for
1196 # each error sub-response.
1197 #
1198 # - Asynchronous operations. If an API call embeds asynchronous operation
1199 # results in its response, the status of those operations should be
1200 # represented directly using the `Status` message.
1201 #
1202 # - Logging. If some API errors are stored in logs, the message `Status` could
1203 # be used directly after any stripping needed for security/privacy reasons.
1204 "message": "A String", # A developer-facing error message, which should be in English. Any
1205 # user-facing error message should be localized and sent in the
1206 # google.rpc.Status.details field, or localized by the client.
1207 "code": 42, # The status code, which should be an enum value of google.rpc.Code.
1208 "details": [ # A list of messages that carry the error details. There will be a
1209 # common set of message types for APIs to use.
1210 {
1211 "a_key": "", # Properties of the object. Contains field @type with type URL.
1212 },
1213 ],
1214 },
1215 }</pre>
1216</div>
1217
1218</body></html>