blob: e90a30c531eee3a80ad30e7910750f8c1f669ef7 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -07001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="accesscontextmanager_v1beta.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1beta.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1beta.accessPolicies.accessLevels.html">accessLevels</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070078 <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070079<p class="firstline">Create an Access Level. The longrunning</p>
80<p class="toc_element">
81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
82<p class="firstline">Delete an Access Level by resource</p>
83<p class="toc_element">
84 <code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>
85<p class="firstline">Get an Access Level by resource</p>
86<p class="toc_element">
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -070087 <code><a href="#list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070088<p class="firstline">List all Access Levels for an access</p>
89<p class="toc_element">
90 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
91<p class="firstline">Retrieves the next page of results.</p>
92<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070093 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070094<p class="firstline">Update an Access Level. The longrunning</p>
95<h3>Method Details</h3>
96<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -070097 <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070098 <pre>Create an Access Level. The longrunning
99operation from this RPC will have a successful status once the Access
100Level has
101propagated to long-lasting storage. Access Levels containing
102errors will result in an error response for the first error encountered.
103
104Args:
105 parent: string, Required. Resource name for the access policy which owns this Access
106Level.
107
108Format: `accessPolicies/{policy_id}` (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700109 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700110 The object takes the form of:
111
Dan O'Mearadd494642020-05-01 07:42:23 -0700112{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
Bu Sun Kim65020912020-05-20 12:08:20 -0700113 # services, along with a list of requirements necessary for the label to be
114 # applied.
115 &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
116 # to represent the necessary conditions for the level to apply to a request.
117 # See CEL spec at: https://github.com/google/cel-spec
118 &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
119 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
120 # are documented at https://github.com/google/cel-spec.
121 #
122 # Example (Comparison):
123 #
124 # title: &quot;Summary size limit&quot;
125 # description: &quot;Determines if a summary is less than 100 chars&quot;
126 # expression: &quot;document.summary.size() &lt; 100&quot;
127 #
128 # Example (Equality):
129 #
130 # title: &quot;Requestor is owner&quot;
131 # description: &quot;Determines if requestor is the document owner&quot;
132 # expression: &quot;document.owner == request.auth.claims.email&quot;
133 #
134 # Example (Logic):
135 #
136 # title: &quot;Public documents&quot;
137 # description: &quot;Determine whether the document should be publicly visible&quot;
138 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
139 #
140 # Example (Data Manipulation):
141 #
142 # title: &quot;Notification string&quot;
143 # description: &quot;Create a notification string with a timestamp.&quot;
144 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
145 #
146 # The exact variables and functions that may be referenced within an expression
147 # are determined by the service that evaluates it. See the service
148 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -0700149 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
150 # its purpose. This can be used e.g. in UIs which allow to enter the
151 # expression.
152 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
153 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700154 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
155 # describes the expression, e.g. when hovered over it in a UI.
156 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
157 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -0700158 },
159 },
160 &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
161 &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
162 # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
163 # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
164 # // of the `short_name` component is 50 characters.
165 &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700166 &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
167 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
168 # AND over its fields. So a Condition is true if: 1) the request IP is from one
169 # of the listed subnetworks AND 2) the originating device complies with the
170 # listed device policy AND 3) all listed access levels are granted AND 4) the
171 # request was sent at a time allowed by the DateTimeRestriction.
Bu Sun Kim65020912020-05-20 12:08:20 -0700172 &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
173 # Condition to be true. If not specified, all devices are allowed.
174 # given access level. A `DevicePolicy` specifies requirements for requests from
175 # devices to be granted access levels, it does not do any enforcement on the
176 # device. `DevicePolicy` acts as an AND over all specified fields, and each
177 # repeated field is an OR over its elements. Any unset fields are ignored. For
178 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
179 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
180 # true for requests originating from encrypted Linux desktops and encrypted
181 # Windows desktops.
Bu Sun Kim65020912020-05-20 12:08:20 -0700182 &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
183 # levels.
184 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700185 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700186 &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
187 { # A restriction on the OS type and version of devices making requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700188 &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
189 # Verifications includes requirements that the device is enterprise-managed,
190 # conformant to domain policies, and the caller has permission to call
191 # the API targeted by the request.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700192 &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
193 # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
194 # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
195 &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
Bu Sun Kim65020912020-05-20 12:08:20 -0700196 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700197 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700198 &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
199 &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
200 &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
201 # Defaults to `false`.
202 &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
203 &quot;A String&quot;,
204 ],
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700205 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700206 &quot;members&quot;: [ # The request must be made by one of the provided user or service
207 # accounts. Groups are not supported.
208 # Syntax:
209 # `user:{emailid}`
210 # `serviceAccount:{emailid}`
211 # If not specified, a request may come from any user.
212 &quot;A String&quot;,
213 ],
214 &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
215 # a CIDR IP address block, the specified IP address portion must be properly
216 # truncated (i.e. all the host bits must be zero) or the input is considered
217 # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
218 # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
219 # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
220 # the listed subnets in order for this Condition to be true. If empty, all IP
221 # addresses are allowed.
222 &quot;A String&quot;,
223 ],
224 &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
225 # its non-empty fields, each field must be false for the Condition overall to
226 # be satisfied. Defaults to false.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700227 &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
228 # Must be valid ISO 3166-1 alpha-2 codes.
229 &quot;A String&quot;,
230 ],
231 &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
232 # resource name. Referencing an `AccessLevel` which does not exist is an
233 # error. All access levels listed must be granted for the Condition
234 # to be true. Example:
235 # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
236 &quot;A String&quot;,
237 ],
Dan O'Mearadd494642020-05-01 07:42:23 -0700238 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700239 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700240 &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
241 # granted this `AccessLevel`. If AND is used, each `Condition` in
242 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
243 # is used, at least one `Condition` in `conditions` must be satisfied for the
244 # `AccessLevel` to be applied. Default behavior is AND.
Bu Sun Kim65020912020-05-20 12:08:20 -0700245 },
246 &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
247}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700248
249 x__xgafv: string, V1 error format.
250 Allowed values
251 1 - v1 error format
252 2 - v2 error format
253
254Returns:
255 An object of the form:
256
257 { # This resource represents a long-running operation that is the result of a
258 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -0700259 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
Dan O'Mearadd494642020-05-01 07:42:23 -0700260 # originally returns it. If you use the default HTTP mapping, the
261 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700262 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
263 # different programming environments, including REST APIs and RPC APIs. It is
264 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
265 # three pieces of data: error code, error message, and error details.
266 #
267 # You can find out more about this error model and how to work with it in the
268 # [API Design Guide](https://cloud.google.com/apis/design/errors).
269 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
270 # message types for APIs to use.
271 {
272 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
273 },
274 ],
275 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
276 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
277 # user-facing error message should be localized and sent in the
278 # google.rpc.Status.details field, or localized by the client.
279 },
280 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
281 # contains progress information and common metadata such as create time.
282 # Some services might not provide such metadata. Any method that returns a
283 # long-running operation should document the metadata type, if any.
284 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
285 },
286 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
287 # If `true`, the operation is completed, and either `error` or `response` is
288 # available.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700289 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
290 # method returns no data on success, such as `Delete`, the response is
291 # `google.protobuf.Empty`. If the original method is standard
292 # `Get`/`Create`/`Update`, the response should be the resource. For other
293 # methods, the response should have the type `XxxResponse`, where `Xxx`
294 # is the original method name. For example, if the original method name
295 # is `TakeSnapshot()`, the inferred response type is
296 # `TakeSnapshotResponse`.
297 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
298 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700299 }</pre>
300</div>
301
302<div class="method">
303 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
304 <pre>Delete an Access Level by resource
305name. The longrunning operation from this RPC will have a successful status
306once the Access Level has been removed
307from long-lasting storage.
308
309Args:
310 name: string, Required. Resource name for the Access Level.
311
312Format:
313`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
314 x__xgafv: string, V1 error format.
315 Allowed values
316 1 - v1 error format
317 2 - v2 error format
318
319Returns:
320 An object of the form:
321
322 { # This resource represents a long-running operation that is the result of a
323 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -0700324 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
Dan O'Mearadd494642020-05-01 07:42:23 -0700325 # originally returns it. If you use the default HTTP mapping, the
326 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700327 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
328 # different programming environments, including REST APIs and RPC APIs. It is
329 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
330 # three pieces of data: error code, error message, and error details.
331 #
332 # You can find out more about this error model and how to work with it in the
333 # [API Design Guide](https://cloud.google.com/apis/design/errors).
334 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
335 # message types for APIs to use.
336 {
337 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
338 },
339 ],
340 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
341 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
342 # user-facing error message should be localized and sent in the
343 # google.rpc.Status.details field, or localized by the client.
344 },
345 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
346 # contains progress information and common metadata such as create time.
347 # Some services might not provide such metadata. Any method that returns a
348 # long-running operation should document the metadata type, if any.
349 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
350 },
351 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
352 # If `true`, the operation is completed, and either `error` or `response` is
353 # available.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700354 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
355 # method returns no data on success, such as `Delete`, the response is
356 # `google.protobuf.Empty`. If the original method is standard
357 # `Get`/`Create`/`Update`, the response should be the resource. For other
358 # methods, the response should have the type `XxxResponse`, where `Xxx`
359 # is the original method name. For example, if the original method name
360 # is `TakeSnapshot()`, the inferred response type is
361 # `TakeSnapshotResponse`.
362 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
363 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700364 }</pre>
365</div>
366
367<div class="method">
368 <code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>
369 <pre>Get an Access Level by resource
370name.
371
372Args:
373 name: string, Required. Resource name for the Access Level.
374
375Format:
376`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
377 accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression
378Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
379Access Levels
380are returned as `BasicLevels` or `CustomLevels` based on how they were
381created. If set to CEL, all Access Levels are returned as
382`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
383`CustomLevels`.
384 x__xgafv: string, V1 error format.
385 Allowed values
386 1 - v1 error format
387 2 - v2 error format
388
389Returns:
390 An object of the form:
391
Dan O'Mearadd494642020-05-01 07:42:23 -0700392 { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
Bu Sun Kim65020912020-05-20 12:08:20 -0700393 # services, along with a list of requirements necessary for the label to be
394 # applied.
395 &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
396 # to represent the necessary conditions for the level to apply to a request.
397 # See CEL spec at: https://github.com/google/cel-spec
398 &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
399 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
400 # are documented at https://github.com/google/cel-spec.
401 #
402 # Example (Comparison):
403 #
404 # title: &quot;Summary size limit&quot;
405 # description: &quot;Determines if a summary is less than 100 chars&quot;
406 # expression: &quot;document.summary.size() &lt; 100&quot;
407 #
408 # Example (Equality):
409 #
410 # title: &quot;Requestor is owner&quot;
411 # description: &quot;Determines if requestor is the document owner&quot;
412 # expression: &quot;document.owner == request.auth.claims.email&quot;
413 #
414 # Example (Logic):
415 #
416 # title: &quot;Public documents&quot;
417 # description: &quot;Determine whether the document should be publicly visible&quot;
418 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
419 #
420 # Example (Data Manipulation):
421 #
422 # title: &quot;Notification string&quot;
423 # description: &quot;Create a notification string with a timestamp.&quot;
424 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
425 #
426 # The exact variables and functions that may be referenced within an expression
427 # are determined by the service that evaluates it. See the service
428 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -0700429 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
430 # its purpose. This can be used e.g. in UIs which allow to enter the
431 # expression.
432 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
433 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700434 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
435 # describes the expression, e.g. when hovered over it in a UI.
436 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
437 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -0700438 },
439 },
440 &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
441 &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
442 # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
443 # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
444 # // of the `short_name` component is 50 characters.
445 &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700446 &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
447 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
448 # AND over its fields. So a Condition is true if: 1) the request IP is from one
449 # of the listed subnetworks AND 2) the originating device complies with the
450 # listed device policy AND 3) all listed access levels are granted AND 4) the
451 # request was sent at a time allowed by the DateTimeRestriction.
Bu Sun Kim65020912020-05-20 12:08:20 -0700452 &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
453 # Condition to be true. If not specified, all devices are allowed.
454 # given access level. A `DevicePolicy` specifies requirements for requests from
455 # devices to be granted access levels, it does not do any enforcement on the
456 # device. `DevicePolicy` acts as an AND over all specified fields, and each
457 # repeated field is an OR over its elements. Any unset fields are ignored. For
458 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
459 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
460 # true for requests originating from encrypted Linux desktops and encrypted
461 # Windows desktops.
Bu Sun Kim65020912020-05-20 12:08:20 -0700462 &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
463 # levels.
464 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700465 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700466 &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
467 { # A restriction on the OS type and version of devices making requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700468 &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
469 # Verifications includes requirements that the device is enterprise-managed,
470 # conformant to domain policies, and the caller has permission to call
471 # the API targeted by the request.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700472 &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
473 # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
474 # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
475 &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
Bu Sun Kim65020912020-05-20 12:08:20 -0700476 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700477 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700478 &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
479 &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
480 &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
481 # Defaults to `false`.
482 &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
483 &quot;A String&quot;,
484 ],
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700485 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700486 &quot;members&quot;: [ # The request must be made by one of the provided user or service
487 # accounts. Groups are not supported.
488 # Syntax:
489 # `user:{emailid}`
490 # `serviceAccount:{emailid}`
491 # If not specified, a request may come from any user.
492 &quot;A String&quot;,
493 ],
494 &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
495 # a CIDR IP address block, the specified IP address portion must be properly
496 # truncated (i.e. all the host bits must be zero) or the input is considered
497 # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
498 # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
499 # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
500 # the listed subnets in order for this Condition to be true. If empty, all IP
501 # addresses are allowed.
502 &quot;A String&quot;,
503 ],
504 &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
505 # its non-empty fields, each field must be false for the Condition overall to
506 # be satisfied. Defaults to false.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700507 &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
508 # Must be valid ISO 3166-1 alpha-2 codes.
509 &quot;A String&quot;,
510 ],
511 &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
512 # resource name. Referencing an `AccessLevel` which does not exist is an
513 # error. All access levels listed must be granted for the Condition
514 # to be true. Example:
515 # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
516 &quot;A String&quot;,
517 ],
Dan O'Mearadd494642020-05-01 07:42:23 -0700518 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700519 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700520 &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
521 # granted this `AccessLevel`. If AND is used, each `Condition` in
522 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
523 # is used, at least one `Condition` in `conditions` must be satisfied for the
524 # `AccessLevel` to be applied. Default behavior is AND.
Bu Sun Kim65020912020-05-20 12:08:20 -0700525 },
526 &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
527 }</pre>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700528</div>
529
530<div class="method">
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700531 <code class="details" id="list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700532 <pre>List all Access Levels for an access
533policy.
534
535Args:
536 parent: string, Required. Resource name for the access policy to list Access Levels from.
537
538Format:
539`accessPolicies/{policy_id}` (required)
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700540 accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as
541`CustomLevels`, rather than as `BasicLevels`. Defaults to returning
542`AccessLevels` in the format they were defined.
Bu Sun Kim65020912020-05-20 12:08:20 -0700543 pageToken: string, Next page token for the next batch of Access Level instances.
544Defaults to the first page of results.
545 pageSize: integer, Number of Access Levels to include in
546the list. Default 100.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700547 x__xgafv: string, V1 error format.
548 Allowed values
549 1 - v1 error format
550 2 - v2 error format
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700551
552Returns:
553 An object of the form:
554
555 { # A response to `ListAccessLevelsRequest`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700556 &quot;nextPageToken&quot;: &quot;A String&quot;, # The pagination token to retrieve the next page of results. If the value is
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700557 # empty, no further results remain.
Bu Sun Kim65020912020-05-20 12:08:20 -0700558 &quot;accessLevels&quot;: [ # List of the Access Level instances.
Dan O'Mearadd494642020-05-01 07:42:23 -0700559 { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
Bu Sun Kim65020912020-05-20 12:08:20 -0700560 # services, along with a list of requirements necessary for the label to be
561 # applied.
562 &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
563 # to represent the necessary conditions for the level to apply to a request.
564 # See CEL spec at: https://github.com/google/cel-spec
565 &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
566 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
567 # are documented at https://github.com/google/cel-spec.
568 #
569 # Example (Comparison):
570 #
571 # title: &quot;Summary size limit&quot;
572 # description: &quot;Determines if a summary is less than 100 chars&quot;
573 # expression: &quot;document.summary.size() &lt; 100&quot;
574 #
575 # Example (Equality):
576 #
577 # title: &quot;Requestor is owner&quot;
578 # description: &quot;Determines if requestor is the document owner&quot;
579 # expression: &quot;document.owner == request.auth.claims.email&quot;
580 #
581 # Example (Logic):
582 #
583 # title: &quot;Public documents&quot;
584 # description: &quot;Determine whether the document should be publicly visible&quot;
585 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
586 #
587 # Example (Data Manipulation):
588 #
589 # title: &quot;Notification string&quot;
590 # description: &quot;Create a notification string with a timestamp.&quot;
591 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
592 #
593 # The exact variables and functions that may be referenced within an expression
594 # are determined by the service that evaluates it. See the service
595 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -0700596 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
597 # its purpose. This can be used e.g. in UIs which allow to enter the
598 # expression.
599 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
600 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700601 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
602 # describes the expression, e.g. when hovered over it in a UI.
603 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
604 # syntax.
Dan O'Mearadd494642020-05-01 07:42:23 -0700605 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700606 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700607 &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
608 &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
609 # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
610 # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
611 # // of the `short_name` component is 50 characters.
612 &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700613 &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
614 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
615 # AND over its fields. So a Condition is true if: 1) the request IP is from one
616 # of the listed subnetworks AND 2) the originating device complies with the
617 # listed device policy AND 3) all listed access levels are granted AND 4) the
618 # request was sent at a time allowed by the DateTimeRestriction.
Bu Sun Kim65020912020-05-20 12:08:20 -0700619 &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
620 # Condition to be true. If not specified, all devices are allowed.
621 # given access level. A `DevicePolicy` specifies requirements for requests from
622 # devices to be granted access levels, it does not do any enforcement on the
623 # device. `DevicePolicy` acts as an AND over all specified fields, and each
624 # repeated field is an OR over its elements. Any unset fields are ignored. For
625 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
626 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
627 # true for requests originating from encrypted Linux desktops and encrypted
628 # Windows desktops.
Bu Sun Kim65020912020-05-20 12:08:20 -0700629 &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
630 # levels.
631 &quot;A String&quot;,
632 ],
633 &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
634 { # A restriction on the OS type and version of devices making requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700635 &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
636 # Verifications includes requirements that the device is enterprise-managed,
637 # conformant to domain policies, and the caller has permission to call
638 # the API targeted by the request.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700639 &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
640 # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
641 # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
642 &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
Bu Sun Kim65020912020-05-20 12:08:20 -0700643 },
644 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700645 &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
646 &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
647 &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
648 # Defaults to `false`.
649 &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
650 &quot;A String&quot;,
651 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700652 },
653 &quot;members&quot;: [ # The request must be made by one of the provided user or service
654 # accounts. Groups are not supported.
655 # Syntax:
656 # `user:{emailid}`
657 # `serviceAccount:{emailid}`
658 # If not specified, a request may come from any user.
659 &quot;A String&quot;,
660 ],
661 &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
662 # a CIDR IP address block, the specified IP address portion must be properly
663 # truncated (i.e. all the host bits must be zero) or the input is considered
664 # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
665 # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
666 # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
667 # the listed subnets in order for this Condition to be true. If empty, all IP
668 # addresses are allowed.
669 &quot;A String&quot;,
670 ],
671 &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
672 # its non-empty fields, each field must be false for the Condition overall to
673 # be satisfied. Defaults to false.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700674 &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
675 # Must be valid ISO 3166-1 alpha-2 codes.
676 &quot;A String&quot;,
677 ],
678 &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
679 # resource name. Referencing an `AccessLevel` which does not exist is an
680 # error. All access levels listed must be granted for the Condition
681 # to be true. Example:
682 # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
683 &quot;A String&quot;,
684 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700685 },
686 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700687 &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
688 # granted this `AccessLevel`. If AND is used, each `Condition` in
689 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
690 # is used, at least one `Condition` in `conditions` must be satisfied for the
691 # `AccessLevel` to be applied. Default behavior is AND.
Bu Sun Kim65020912020-05-20 12:08:20 -0700692 },
693 &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
694 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700695 ],
696 }</pre>
697</div>
698
699<div class="method">
700 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
701 <pre>Retrieves the next page of results.
702
703Args:
704 previous_request: The request for the previous page. (required)
705 previous_response: The response from the request for the previous page. (required)
706
707Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -0700708 A request object that you can call &#x27;execute()&#x27; on to request the next
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700709 page. Returns None if there are no more items in the collection.
710 </pre>
711</div>
712
713<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700714 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700715 <pre>Update an Access Level. The longrunning
716operation from this RPC will have a successful status once the changes to
717the Access Level have propagated
718to long-lasting storage. Access Levels containing
719errors will result in an error response for the first error encountered.
720
721Args:
722 name: string, Required. Resource name for the Access Level. The `short_name` component
Bu Sun Kim65020912020-05-20 12:08:20 -0700723must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
Dan O'Mearadd494642020-05-01 07:42:23 -0700724`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
725 // of the `short_name` component is 50 characters. (required)
726 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700727 The object takes the form of:
728
Dan O'Mearadd494642020-05-01 07:42:23 -0700729{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
Bu Sun Kim65020912020-05-20 12:08:20 -0700730 # services, along with a list of requirements necessary for the label to be
731 # applied.
732 &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
733 # to represent the necessary conditions for the level to apply to a request.
734 # See CEL spec at: https://github.com/google/cel-spec
735 &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
736 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
737 # are documented at https://github.com/google/cel-spec.
738 #
739 # Example (Comparison):
740 #
741 # title: &quot;Summary size limit&quot;
742 # description: &quot;Determines if a summary is less than 100 chars&quot;
743 # expression: &quot;document.summary.size() &lt; 100&quot;
744 #
745 # Example (Equality):
746 #
747 # title: &quot;Requestor is owner&quot;
748 # description: &quot;Determines if requestor is the document owner&quot;
749 # expression: &quot;document.owner == request.auth.claims.email&quot;
750 #
751 # Example (Logic):
752 #
753 # title: &quot;Public documents&quot;
754 # description: &quot;Determine whether the document should be publicly visible&quot;
755 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
756 #
757 # Example (Data Manipulation):
758 #
759 # title: &quot;Notification string&quot;
760 # description: &quot;Create a notification string with a timestamp.&quot;
761 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
762 #
763 # The exact variables and functions that may be referenced within an expression
764 # are determined by the service that evaluates it. See the service
765 # documentation for additional information.
Bu Sun Kim65020912020-05-20 12:08:20 -0700766 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
767 # its purpose. This can be used e.g. in UIs which allow to enter the
768 # expression.
769 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
770 # reporting, e.g. a file name and a position in the file.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700771 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
772 # describes the expression, e.g. when hovered over it in a UI.
773 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
774 # syntax.
Bu Sun Kim65020912020-05-20 12:08:20 -0700775 },
776 },
777 &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
778 &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
779 # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
780 # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
781 # // of the `short_name` component is 50 characters.
782 &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700783 &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
784 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
785 # AND over its fields. So a Condition is true if: 1) the request IP is from one
786 # of the listed subnetworks AND 2) the originating device complies with the
787 # listed device policy AND 3) all listed access levels are granted AND 4) the
788 # request was sent at a time allowed by the DateTimeRestriction.
Bu Sun Kim65020912020-05-20 12:08:20 -0700789 &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
790 # Condition to be true. If not specified, all devices are allowed.
791 # given access level. A `DevicePolicy` specifies requirements for requests from
792 # devices to be granted access levels, it does not do any enforcement on the
793 # device. `DevicePolicy` acts as an AND over all specified fields, and each
794 # repeated field is an OR over its elements. Any unset fields are ignored. For
795 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
796 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
797 # true for requests originating from encrypted Linux desktops and encrypted
798 # Windows desktops.
Bu Sun Kim65020912020-05-20 12:08:20 -0700799 &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
800 # levels.
801 &quot;A String&quot;,
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700802 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700803 &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
804 { # A restriction on the OS type and version of devices making requests.
Bu Sun Kim65020912020-05-20 12:08:20 -0700805 &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
806 # Verifications includes requirements that the device is enterprise-managed,
807 # conformant to domain policies, and the caller has permission to call
808 # the API targeted by the request.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700809 &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
810 # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
811 # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
812 &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
Bu Sun Kim65020912020-05-20 12:08:20 -0700813 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700814 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700815 &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
816 &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
817 &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
818 # Defaults to `false`.
819 &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
820 &quot;A String&quot;,
821 ],
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700822 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700823 &quot;members&quot;: [ # The request must be made by one of the provided user or service
824 # accounts. Groups are not supported.
825 # Syntax:
826 # `user:{emailid}`
827 # `serviceAccount:{emailid}`
828 # If not specified, a request may come from any user.
829 &quot;A String&quot;,
830 ],
831 &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
832 # a CIDR IP address block, the specified IP address portion must be properly
833 # truncated (i.e. all the host bits must be zero) or the input is considered
834 # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
835 # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
836 # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
837 # the listed subnets in order for this Condition to be true. If empty, all IP
838 # addresses are allowed.
839 &quot;A String&quot;,
840 ],
841 &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
842 # its non-empty fields, each field must be false for the Condition overall to
843 # be satisfied. Defaults to false.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700844 &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
845 # Must be valid ISO 3166-1 alpha-2 codes.
846 &quot;A String&quot;,
847 ],
848 &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
849 # resource name. Referencing an `AccessLevel` which does not exist is an
850 # error. All access levels listed must be granted for the Condition
851 # to be true. Example:
852 # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
853 &quot;A String&quot;,
854 ],
Dan O'Mearadd494642020-05-01 07:42:23 -0700855 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700856 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700857 &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
858 # granted this `AccessLevel`. If AND is used, each `Condition` in
859 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
860 # is used, at least one `Condition` in `conditions` must be satisfied for the
861 # `AccessLevel` to be applied. Default behavior is AND.
Bu Sun Kim65020912020-05-20 12:08:20 -0700862 },
863 &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
864}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700865
Dan O'Mearadd494642020-05-01 07:42:23 -0700866 updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700867 x__xgafv: string, V1 error format.
868 Allowed values
869 1 - v1 error format
870 2 - v2 error format
871
872Returns:
873 An object of the form:
874
875 { # This resource represents a long-running operation that is the result of a
876 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -0700877 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
Dan O'Mearadd494642020-05-01 07:42:23 -0700878 # originally returns it. If you use the default HTTP mapping, the
879 # `name` should be a resource name ending with `operations/{unique_id}`.
Bu Sun Kim65020912020-05-20 12:08:20 -0700880 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
881 # different programming environments, including REST APIs and RPC APIs. It is
882 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
883 # three pieces of data: error code, error message, and error details.
884 #
885 # You can find out more about this error model and how to work with it in the
886 # [API Design Guide](https://cloud.google.com/apis/design/errors).
887 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
888 # message types for APIs to use.
889 {
890 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
891 },
892 ],
893 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
894 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
895 # user-facing error message should be localized and sent in the
896 # google.rpc.Status.details field, or localized by the client.
897 },
898 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
899 # contains progress information and common metadata such as create time.
900 # Some services might not provide such metadata. Any method that returns a
901 # long-running operation should document the metadata type, if any.
902 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
903 },
904 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
905 # If `true`, the operation is completed, and either `error` or `response` is
906 # available.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700907 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
908 # method returns no data on success, such as `Delete`, the response is
909 # `google.protobuf.Empty`. If the original method is standard
910 # `Get`/`Create`/`Update`, the response should be the resource. For other
911 # methods, the response should have the type `XxxResponse`, where `Xxx`
912 # is the original method name. For example, if the original method name
913 # is `TakeSnapshot()`, the inferred response type is
914 # `TakeSnapshotResponse`.
915 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
916 },
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700917 }</pre>
918</div>
919
920</body></html>