docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html

<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="accesscontextmanager_v1beta.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1beta.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1beta.accessPolicies.accessLevels.html">accessLevels</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Create an Access Level. The longrunning</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Delete an Access Level by resource</p>
<p class="toc_element">
  <code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>
<p class="firstline">Get an Access Level by resource</p>
<p class="toc_element">
  <code><a href="#list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
<p class="firstline">List all Access Levels for an access</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Update an Access Level. The longrunning</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
  <pre>Create an Access Level. The longrunning
operation from this RPC will have a successful status once the Access
Level has
propagated to long-lasting storage. Access Levels containing
errors will result in an error response for the first error encountered.

Args:
  parent: string, Required. Resource name for the access policy which owns this Access
Level.

Format: `accessPolicies/{policy_id}` (required)
  body: object, The request body.
    The object takes the form of:

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
    # services, along with a list of requirements necessary for the label to be
    # applied.
  &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
      # to represent the necessary conditions for the level to apply to a request.
      # See CEL spec at: https://github.com/google/cel-spec
    &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
        # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
        # are documented at https://github.com/google/cel-spec.
        #
        # Example (Comparison):
        #
        #     title: &quot;Summary size limit&quot;
        #     description: &quot;Determines if a summary is less than 100 chars&quot;
        #     expression: &quot;document.summary.size() &lt; 100&quot;
        #
        # Example (Equality):
        #
        #     title: &quot;Requestor is owner&quot;
        #     description: &quot;Determines if requestor is the document owner&quot;
        #     expression: &quot;document.owner == request.auth.claims.email&quot;
        #
        # Example (Logic):
        #
        #     title: &quot;Public documents&quot;
        #     description: &quot;Determine whether the document should be publicly visible&quot;
        #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
        #
        # Example (Data Manipulation):
        #
        #     title: &quot;Notification string&quot;
        #     description: &quot;Create a notification string with a timestamp.&quot;
        #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
        #
        # The exact variables and functions that may be referenced within an expression
        # are determined by the service that evaluates it. See the service
        # documentation for additional information.
      &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
          # its purpose. This can be used e.g. in UIs which allow to enter the
          # expression.
      &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
          # reporting, e.g. a file name and a position in the file.
      &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
          # describes the expression, e.g. when hovered over it in a UI.
      &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
          # syntax.
    },
  },
  &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
  &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
      # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
      # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
      #  // of the `short_name` component is 50 characters.
  &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
    &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
      { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
          # AND over its fields. So a Condition is true if: 1) the request IP is from one
          # of the listed subnetworks AND 2) the originating device complies with the
          # listed device policy AND 3) all listed access levels are granted AND 4) the
          # request was sent at a time allowed by the DateTimeRestriction.
        &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
            # Condition to be true. If not specified, all devices are allowed.
            # given access level. A `DevicePolicy` specifies requirements for requests from
            # devices to be granted access levels, it does not do any enforcement on the
            # device. `DevicePolicy` acts as an AND over all specified fields, and each
            # repeated field is an OR over its elements. Any unset fields are ignored. For
            # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
            # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
            # true for requests originating from encrypted Linux desktops and encrypted
            # Windows desktops.
          &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
              # levels.
            &quot;A String&quot;,
          ],
          &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
            { # A restriction on the OS type and version of devices making requests.
              &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
                  # Verifications includes requirements that the device is enterprise-managed,
                  # conformant to domain policies, and the caller has permission to call
                  # the API targeted by the request.
              &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
                  # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
                  # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
              &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
            },
          ],
          &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
          &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
          &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
              # Defaults to `false`.
          &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
            &quot;A String&quot;,
          ],
        },
        &quot;members&quot;: [ # The request must be made by one of the provided user or service
            # accounts. Groups are not supported.
            # Syntax:
            # `user:{emailid}`
            # `serviceAccount:{emailid}`
            # If not specified, a request may come from any user.
          &quot;A String&quot;,
        ],
        &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
            # a CIDR IP address block, the specified IP address portion must be properly
            # truncated (i.e. all the host bits must be zero) or the input is considered
            # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
            # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
            # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
            # the listed subnets in order for this Condition to be true. If empty, all IP
            # addresses are allowed.
          &quot;A String&quot;,
        ],
        &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
            # its non-empty fields, each field must be false for the Condition overall to
            # be satisfied. Defaults to false.
        &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
            # Must be valid ISO 3166-1 alpha-2 codes.
          &quot;A String&quot;,
        ],
        &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
            # resource name. Referencing an `AccessLevel` which does not exist is an
            # error. All access levels listed must be granted for the Condition
            # to be true. Example:
            # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
          &quot;A String&quot;,
        ],
      },
    ],
    &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
        # granted this `AccessLevel`. If AND is used, each `Condition` in
        # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
        # is used, at least one `Condition` in `conditions` must be satisfied for the
        # `AccessLevel` to be applied. Default behavior is AND.
  },
  &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
          # message types for APIs to use.
        {
          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
        },
      ],
      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
    },
    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata.  Any method that returns a
        # long-running operation should document the metadata type, if any.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`.  If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource.  For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name.  For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
  }</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
  <pre>Delete an Access Level by resource
name. The longrunning operation from this RPC will have a successful status
once the Access Level has been removed
from long-lasting storage.

Args:
  name: string, Required. Resource name for the Access Level.

Format:
`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
          # message types for APIs to use.
        {
          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
        },
      ],
      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
    },
    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata.  Any method that returns a
        # long-running operation should document the metadata type, if any.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`.  If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource.  For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name.  For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
  }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>
  <pre>Get an Access Level by resource
name.

Args:
  name: string, Required. Resource name for the Access Level.

Format:
`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)
  accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression
Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
Access Levels
are returned as `BasicLevels` or `CustomLevels` based on how they were
created. If set to CEL, all Access Levels are returned as
`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
`CustomLevels`.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
      # services, along with a list of requirements necessary for the label to be
      # applied.
    &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
        # to represent the necessary conditions for the level to apply to a request.
        # See CEL spec at: https://github.com/google/cel-spec
      &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
          # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
          # are documented at https://github.com/google/cel-spec.
          #
          # Example (Comparison):
          #
          #     title: &quot;Summary size limit&quot;
          #     description: &quot;Determines if a summary is less than 100 chars&quot;
          #     expression: &quot;document.summary.size() &lt; 100&quot;
          #
          # Example (Equality):
          #
          #     title: &quot;Requestor is owner&quot;
          #     description: &quot;Determines if requestor is the document owner&quot;
          #     expression: &quot;document.owner == request.auth.claims.email&quot;
          #
          # Example (Logic):
          #
          #     title: &quot;Public documents&quot;
          #     description: &quot;Determine whether the document should be publicly visible&quot;
          #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
          #
          # Example (Data Manipulation):
          #
          #     title: &quot;Notification string&quot;
          #     description: &quot;Create a notification string with a timestamp.&quot;
          #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
          #
          # The exact variables and functions that may be referenced within an expression
          # are determined by the service that evaluates it. See the service
          # documentation for additional information.
        &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
            # its purpose. This can be used e.g. in UIs which allow to enter the
            # expression.
        &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
            # reporting, e.g. a file name and a position in the file.
        &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
            # describes the expression, e.g. when hovered over it in a UI.
        &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
            # syntax.
      },
    },
    &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
    &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
        # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
        # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
        #  // of the `short_name` component is 50 characters.
    &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
      &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
        { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
            # AND over its fields. So a Condition is true if: 1) the request IP is from one
            # of the listed subnetworks AND 2) the originating device complies with the
            # listed device policy AND 3) all listed access levels are granted AND 4) the
            # request was sent at a time allowed by the DateTimeRestriction.
          &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
              # Condition to be true. If not specified, all devices are allowed.
              # given access level. A `DevicePolicy` specifies requirements for requests from
              # devices to be granted access levels, it does not do any enforcement on the
              # device. `DevicePolicy` acts as an AND over all specified fields, and each
              # repeated field is an OR over its elements. Any unset fields are ignored. For
              # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
              # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
              # true for requests originating from encrypted Linux desktops and encrypted
              # Windows desktops.
            &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
                # levels.
              &quot;A String&quot;,
            ],
            &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
              { # A restriction on the OS type and version of devices making requests.
                &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
                    # Verifications includes requirements that the device is enterprise-managed,
                    # conformant to domain policies, and the caller has permission to call
                    # the API targeted by the request.
                &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
                    # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
                    # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
                &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
              },
            ],
            &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
            &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
            &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
                # Defaults to `false`.
            &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
              &quot;A String&quot;,
            ],
          },
          &quot;members&quot;: [ # The request must be made by one of the provided user or service
              # accounts. Groups are not supported.
              # Syntax:
              # `user:{emailid}`
              # `serviceAccount:{emailid}`
              # If not specified, a request may come from any user.
            &quot;A String&quot;,
          ],
          &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
              # a CIDR IP address block, the specified IP address portion must be properly
              # truncated (i.e. all the host bits must be zero) or the input is considered
              # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
              # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
              # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
              # the listed subnets in order for this Condition to be true. If empty, all IP
              # addresses are allowed.
            &quot;A String&quot;,
          ],
          &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
              # its non-empty fields, each field must be false for the Condition overall to
              # be satisfied. Defaults to false.
          &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
              # Must be valid ISO 3166-1 alpha-2 codes.
            &quot;A String&quot;,
          ],
          &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
              # resource name. Referencing an `AccessLevel` which does not exist is an
              # error. All access levels listed must be granted for the Condition
              # to be true. Example:
              # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
            &quot;A String&quot;,
          ],
        },
      ],
      &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
          # granted this `AccessLevel`. If AND is used, each `Condition` in
          # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
          # is used, at least one `Condition` in `conditions` must be satisfied for the
          # `AccessLevel` to be applied. Default behavior is AND.
    },
    &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
  }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, accessLevelFormat=None, pageToken=None, pageSize=None, x__xgafv=None)</code>
  <pre>List all Access Levels for an access
policy.

Args:
  parent: string, Required. Resource name for the access policy to list Access Levels from.

Format:
`accessPolicies/{policy_id}` (required)
  accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as
`CustomLevels`, rather than as `BasicLevels`. Defaults to returning
`AccessLevels` in the format they were defined.
  pageToken: string, Next page token for the next batch of Access Level instances.
Defaults to the first page of results.
  pageSize: integer, Number of Access Levels to include in
the list. Default 100.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A response to `ListAccessLevelsRequest`.
    &quot;nextPageToken&quot;: &quot;A String&quot;, # The pagination token to retrieve the next page of results. If the value is
        # empty, no further results remain.
    &quot;accessLevels&quot;: [ # List of the Access Level instances.
      { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
          # services, along with a list of requirements necessary for the label to be
          # applied.
        &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
            # to represent the necessary conditions for the level to apply to a request.
            # See CEL spec at: https://github.com/google/cel-spec
          &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
              # are documented at https://github.com/google/cel-spec.
              #
              # Example (Comparison):
              #
              #     title: &quot;Summary size limit&quot;
              #     description: &quot;Determines if a summary is less than 100 chars&quot;
              #     expression: &quot;document.summary.size() &lt; 100&quot;
              #
              # Example (Equality):
              #
              #     title: &quot;Requestor is owner&quot;
              #     description: &quot;Determines if requestor is the document owner&quot;
              #     expression: &quot;document.owner == request.auth.claims.email&quot;
              #
              # Example (Logic):
              #
              #     title: &quot;Public documents&quot;
              #     description: &quot;Determine whether the document should be publicly visible&quot;
              #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
              #
              # Example (Data Manipulation):
              #
              #     title: &quot;Notification string&quot;
              #     description: &quot;Create a notification string with a timestamp.&quot;
              #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
              #
              # The exact variables and functions that may be referenced within an expression
              # are determined by the service that evaluates it. See the service
              # documentation for additional information.
            &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
            &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
                # syntax.
          },
        },
        &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
        &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
            # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
            # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
            #  // of the `short_name` component is 50 characters.
        &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
          &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
            { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
                # AND over its fields. So a Condition is true if: 1) the request IP is from one
                # of the listed subnetworks AND 2) the originating device complies with the
                # listed device policy AND 3) all listed access levels are granted AND 4) the
                # request was sent at a time allowed by the DateTimeRestriction.
              &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
                  # Condition to be true. If not specified, all devices are allowed.
                  # given access level. A `DevicePolicy` specifies requirements for requests from
                  # devices to be granted access levels, it does not do any enforcement on the
                  # device. `DevicePolicy` acts as an AND over all specified fields, and each
                  # repeated field is an OR over its elements. Any unset fields are ignored. For
                  # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
                  # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
                  # true for requests originating from encrypted Linux desktops and encrypted
                  # Windows desktops.
                &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
                    # levels.
                  &quot;A String&quot;,
                ],
                &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
                  { # A restriction on the OS type and version of devices making requests.
                    &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
                        # Verifications includes requirements that the device is enterprise-managed,
                        # conformant to domain policies, and the caller has permission to call
                        # the API targeted by the request.
                    &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
                        # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
                        # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
                    &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
                  },
                ],
                &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
                &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
                &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
                    # Defaults to `false`.
                &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
                  &quot;A String&quot;,
                ],
              },
              &quot;members&quot;: [ # The request must be made by one of the provided user or service
                  # accounts. Groups are not supported.
                  # Syntax:
                  # `user:{emailid}`
                  # `serviceAccount:{emailid}`
                  # If not specified, a request may come from any user.
                &quot;A String&quot;,
              ],
              &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
                  # a CIDR IP address block, the specified IP address portion must be properly
                  # truncated (i.e. all the host bits must be zero) or the input is considered
                  # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
                  # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
                  # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
                  # the listed subnets in order for this Condition to be true. If empty, all IP
                  # addresses are allowed.
                &quot;A String&quot;,
              ],
              &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
                  # its non-empty fields, each field must be false for the Condition overall to
                  # be satisfied. Defaults to false.
              &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
                  # Must be valid ISO 3166-1 alpha-2 codes.
                &quot;A String&quot;,
              ],
              &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
                  # resource name. Referencing an `AccessLevel` which does not exist is an
                  # error. All access levels listed must be granted for the Condition
                  # to be true. Example:
                  # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
                &quot;A String&quot;,
              ],
            },
          ],
          &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
              # granted this `AccessLevel`. If AND is used, each `Condition` in
              # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
              # is used, at least one `Condition` in `conditions` must be satisfied for the
              # `AccessLevel` to be applied. Default behavior is AND.
        },
        &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
      },
    ],
  }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call &#x27;execute()&#x27; on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
  <pre>Update an Access Level. The longrunning
operation from this RPC will have a successful status once the changes to
the Access Level have propagated
to long-lasting storage. Access Levels containing
errors will result in an error response for the first error encountered.

Args:
  name: string, Required. Resource name for the Access Level. The `short_name` component
must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
 // of the `short_name` component is 50 characters. (required)
  body: object, The request body.
    The object takes the form of:

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
    # services, along with a list of requirements necessary for the label to be
    # applied.
  &quot;custom&quot;: { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.
      # to represent the necessary conditions for the level to apply to a request.
      # See CEL spec at: https://github.com/google/cel-spec
    &quot;expr&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.
        # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
        # are documented at https://github.com/google/cel-spec.
        #
        # Example (Comparison):
        #
        #     title: &quot;Summary size limit&quot;
        #     description: &quot;Determines if a summary is less than 100 chars&quot;
        #     expression: &quot;document.summary.size() &lt; 100&quot;
        #
        # Example (Equality):
        #
        #     title: &quot;Requestor is owner&quot;
        #     description: &quot;Determines if requestor is the document owner&quot;
        #     expression: &quot;document.owner == request.auth.claims.email&quot;
        #
        # Example (Logic):
        #
        #     title: &quot;Public documents&quot;
        #     description: &quot;Determine whether the document should be publicly visible&quot;
        #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
        #
        # Example (Data Manipulation):
        #
        #     title: &quot;Notification string&quot;
        #     description: &quot;Create a notification string with a timestamp.&quot;
        #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
        #
        # The exact variables and functions that may be referenced within an expression
        # are determined by the service that evaluates it. See the service
        # documentation for additional information.
      &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
          # its purpose. This can be used e.g. in UIs which allow to enter the
          # expression.
      &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
          # reporting, e.g. a file name and a position in the file.
      &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
          # describes the expression, e.g. when hovered over it in a UI.
      &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
          # syntax.
    },
  },
  &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
  &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
      # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
      # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
      #  // of the `short_name` component is 50 characters.
  &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
    &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
      { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
          # AND over its fields. So a Condition is true if: 1) the request IP is from one
          # of the listed subnetworks AND 2) the originating device complies with the
          # listed device policy AND 3) all listed access levels are granted AND 4) the
          # request was sent at a time allowed by the DateTimeRestriction.
        &quot;devicePolicy&quot;: { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the
            # Condition to be true. If not specified, all devices are allowed.
            # given access level. A `DevicePolicy` specifies requirements for requests from
            # devices to be granted access levels, it does not do any enforcement on the
            # device. `DevicePolicy` acts as an AND over all specified fields, and each
            # repeated field is an OR over its elements. Any unset fields are ignored. For
            # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
            # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
            # true for requests originating from encrypted Linux desktops and encrypted
            # Windows desktops.
          &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
              # levels.
            &quot;A String&quot;,
          ],
          &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
            { # A restriction on the OS type and version of devices making requests.
              &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
                  # Verifications includes requirements that the device is enterprise-managed,
                  # conformant to domain policies, and the caller has permission to call
                  # the API targeted by the request.
              &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
                  # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
                  # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
              &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
            },
          ],
          &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
          &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
          &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
              # Defaults to `false`.
          &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryptions statuses, an empty list allows all statuses.
            &quot;A String&quot;,
          ],
        },
        &quot;members&quot;: [ # The request must be made by one of the provided user or service
            # accounts. Groups are not supported.
            # Syntax:
            # `user:{emailid}`
            # `serviceAccount:{emailid}`
            # If not specified, a request may come from any user.
          &quot;A String&quot;,
        ],
        &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
            # a CIDR IP address block, the specified IP address portion must be properly
            # truncated (i.e. all the host bits must be zero) or the input is considered
            # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
            # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
            # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
            # the listed subnets in order for this Condition to be true. If empty, all IP
            # addresses are allowed.
          &quot;A String&quot;,
        ],
        &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
            # its non-empty fields, each field must be false for the Condition overall to
            # be satisfied. Defaults to false.
        &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
            # Must be valid ISO 3166-1 alpha-2 codes.
          &quot;A String&quot;,
        ],
        &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
            # resource name. Referencing an `AccessLevel` which does not exist is an
            # error. All access levels listed must be granted for the Condition
            # to be true. Example:
            # &quot;`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
          &quot;A String&quot;,
        ],
      },
    ],
    &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
        # granted this `AccessLevel`. If AND is used, each `Condition` in
        # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
        # is used, at least one `Condition` in `conditions` must be satisfied for the
        # `AccessLevel` to be applied. Default behavior is AND.
  },
  &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
}

  updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a
      # network API call.
    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
        # originally returns it. If you use the default HTTP mapping, the
        # `name` should be a resource name ending with `operations/{unique_id}`.
    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
        # different programming environments, including REST APIs and RPC APIs. It is
        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
        # three pieces of data: error code, error message, and error details.
        #
        # You can find out more about this error model and how to work with it in the
        # [API Design Guide](https://cloud.google.com/apis/design/errors).
      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
          # message types for APIs to use.
        {
          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
        },
      ],
      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
          # user-facing error message should be localized and sent in the
          # google.rpc.Status.details field, or localized by the client.
    },
    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
        # contains progress information and common metadata such as create time.
        # Some services might not provide such metadata.  Any method that returns a
        # long-running operation should document the metadata type, if any.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
        # If `true`, the operation is completed, and either `error` or `response` is
        # available.
    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
        # method returns no data on success, such as `Delete`, the response is
        # `google.protobuf.Empty`.  If the original method is standard
        # `Get`/`Create`/`Update`, the response should be the resource.  For other
        # methods, the response should have the type `XxxResponse`, where `Xxx`
        # is the original method name.  For example, if the original method name
        # is `TakeSnapshot()`, the inferred response type is
        # `TakeSnapshotResponse`.
      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
    },
  }</pre>
</div>

</body></html>