<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans-serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="cloudasset_v1.html">Cloud Asset API</a> . <a href="cloudasset_v1.v1.html">v1</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, readTimeWindow_endTime=None, readTimeWindow_startTime=None, assetNames=None, x__xgafv=None)</a></code></p>
<p class="firstline">Batch gets the update history of assets that overlap a time window.</p>
<p class="toc_element">
  <code><a href="#exportAssets">exportAssets(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Exports assets with time and resource types to a given Cloud Storage</p>
<p class="toc_element">
  <code><a href="#searchAllIamPolicies">searchAllIamPolicies(scope, pageToken=None, pageSize=None, query=None, x__xgafv=None)</a></code></p>
<p class="firstline">Searches all the IAM policies within the given accessible scope (e.g., a</p>
<p class="toc_element">
  <code><a href="#searchAllIamPolicies_next">searchAllIamPolicies_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#searchAllResources">searchAllResources(scope, pageToken=None, pageSize=None, query=None, assetTypes=None, orderBy=None, x__xgafv=None)</a></code></p>
<p class="firstline">Searches all the resources within the given accessible scope (e.g., a</p>
<p class="toc_element">
  <code><a href="#searchAllResources_next">searchAllResources_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<h3>Method Details</h3>
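<p>Added example (not part of the generated reference or of the Cloud Asset API client): a minimal Python evaluator for the <code>listPolicy</code> layering rules documented under <code>orgPolicy</code> in the <code>batchGetAssetsHistory</code> response, Examples 1 to 7, with a check that reports values a child policy accepts although its parent does not. The function names, the sample policies and the handling of cases the page leaves undefined are assumptions; <code>under:</code> subtree values (Example 10) are not modelled.</p>

```python
from dataclasses import dataclass

ALL, NONE, LIST = "ALL", "NONE", "LIST"  # hypothetical names for the three states


@dataclass(frozen=True)
class Effective:
    """Effective state of one list constraint at one node of the hierarchy."""
    mode: str
    allowed: frozenset = frozenset()
    denied: frozenset = frozenset()

    def accepts(self, value):
        if self.mode != LIST:
            return self.mode == ALL
        if value in self.denied:
            return False  # a denied value is never accepted, even if also allowed
        # Assumption: a list that only carries denied values accepts the rest.
        return not self.allowed or value in self.allowed


def default_state(constraint_default):
    """State dictated by the Constraint's constraint_default (ALLOW or DENY)."""
    return Effective(ALL if constraint_default == "ALLOW" else NONE)


def resolve(chain, constraint_default="ALLOW"):
    """Fold orgPolicy entries for one constraint, ordered root to leaf.

    Each entry is a dict shaped like the orgPolicy items in the response, or
    None where no Policy is set at that node.
    """
    eff = default_state(constraint_default)
    for policy in chain:
        if policy is None:  # no Policy here: behave as the parent does
            continue
        if "restoreDefault" in policy:  # ignore everything set above
            eff = default_state(constraint_default)
            continue
        lp = policy.get("listPolicy", {})
        all_values = lp.get("allValues", "ALL_VALUES_UNSPECIFIED")
        if all_values in ("ALLOW", "DENY"):
            eff = Effective(ALL if all_values == "ALLOW" else NONE)
            continue
        allowed = frozenset(lp.get("allowedValues", []))
        denied = frozenset(lp.get("deniedValues", []))
        # Assumption: an allow-all / deny-all parent has no listed values to merge.
        if lp.get("inheritFromParent") and eff.mode == LIST:
            allowed |= eff.allowed
            denied |= eff.denied
        eff = Effective(LIST, allowed, denied)  # otherwise the child supersedes
    return eff


def accepted(chain, candidates, constraint_default="ALLOW"):
    """Candidate values accepted at the last node of the chain."""
    eff = resolve(chain, constraint_default)
    return sorted(v for v in candidates if eff.accepts(v))


def widened(chain, candidates, constraint_default="ALLOW"):
    """Candidates the last node accepts although its parent chain does not."""
    parent = resolve(chain[:-1], constraint_default)
    leaf = resolve(chain, constraint_default)
    return sorted(v for v in candidates
                  if leaf.accepts(v) and not parent.accepts(v))


# Constructed sample data mirroring the page's `organizations/foo` and
# `projects/bar` layerings; E1..E4 are the page's placeholder values.
CANDIDATES = ["E1", "E2", "E3", "E4"]
ORG = {"constraint": "constraints/serviceuser.services",
       "listPolicy": {"allowedValues": ["E1", "E2"]}}
PROJECT = {
    "ex1_replace": {"listPolicy": {"allowedValues": ["E3", "E4"],
                                   "inheritFromParent": False}},
    "ex2_inherit": {"listPolicy": {"allowedValues": ["E3", "E4"],
                                   "inheritFromParent": True}},
    # Example 3 is titled "inheriting", so inheritFromParent is assumed true.
    "ex3_deny": {"listPolicy": {"deniedValues": ["E1"],
                                "inheritFromParent": True}},
    "ex4_restore": {"restoreDefault": {}},
    "ex5_unset": None,
    "ex6_allow_all": {"listPolicy": {"allValues": "ALLOW"}},
    "ex7_deny_all": {"listPolicy": {"allValues": "DENY"}},
}

if __name__ == "__main__":
    for name, policy in PROJECT.items():
        chain = [ORG, policy]
        print(f"{name:14} accepted={accepted(chain, CANDIDATES)} "
              f"widened={widened(chain, CANDIDATES)}")
```

<p>A non-empty <code>widened</code> result marks a project-level policy that accepts more than the organization does, which is the case for the replace, inherit, restore-default (with an <code>ALLOW</code> default) and allow-all layerings.</p>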
<div class="method">
    <code class="details" id="batchGetAssetsHistory">batchGetAssetsHistory(parent, contentType=None, readTimeWindow_endTime=None, readTimeWindow_startTime=None, assetNames=None, x__xgafv=None)</code>
  <pre>Batch gets the update history of assets that overlap a time window.
For RESOURCE content, this API outputs history with asset in both
non-deleted or deleted status.
For IAM_POLICY content, this API outputs history when the asset and its
attached IAM POLICY both exist. This can create gaps in the output history.
If a specified asset does not exist, this API returns an INVALID_ARGUMENT
error.

Args:
  parent: string, Required. The relative name of the root asset. It can only be an
organization number (such as &quot;organizations/123&quot;), a project ID (such as
&quot;projects/my-project-id&quot;), or a project number (such as &quot;projects/12345&quot;). (required)
  contentType: string, Optional. The content type.
  readTimeWindow_endTime: string, End time of the time window (inclusive). If not specified, the current
timestamp is used instead.
  readTimeWindow_startTime: string, Start time of the time window (exclusive).
  assetNames: string, A list of the full names of the assets.
See: https://cloud.google.com/asset-inventory/docs/resource-name-format
Example:

`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.

The request becomes a no-op if the asset name list is empty, and the max
size of the asset name list is 100 in one request. (repeated)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Batch get assets history response.
      &quot;assets&quot;: [ # A list of assets with valid time windows.
        { # An asset in Google Cloud and its temporal metadata, including the time window
            # when it was observed and its status during that window.
          &quot;deleted&quot;: True or False, # Whether the asset has been deleted or not.
          &quot;window&quot;: { # A time window specified by its &quot;start_time&quot; and &quot;end_time&quot;. # The time window when the asset data and state was observed.
            &quot;startTime&quot;: &quot;A String&quot;, # Start time of the time window (exclusive).
            &quot;endTime&quot;: &quot;A String&quot;, # End time of the time window (inclusive). If not specified, the current
                # timestamp is used instead.
          },
          &quot;asset&quot;: { # An asset in Google Cloud. An asset can be any resource in the Google Cloud # An asset in Google Cloud.
              # [resource
              # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
              # a resource outside the Google Cloud resource hierarchy (such as Google
              # Kubernetes Engine clusters and objects), or a Cloud IAM policy.
            &quot;servicePerimeter&quot;: { # `ServicePerimeter` describes a set of Google Cloud resources which can freely
                # import and export data amongst themselves, but not export outside of the
                # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
                # has a target outside of the `ServicePerimeter`, the request will be blocked.
                # Otherwise the request is allowed. There are two types of Service Perimeter -
                # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
                # Google Cloud project can only belong to a single regular Service Perimeter.
                # Service Perimeter Bridges can contain only Google Cloud projects as members,
                # a single Google Cloud project may belong to multiple Service Perimeter
                # Bridges.
              &quot;spec&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration
                  # allows to specify and test ServicePerimeter configuration without enforcing
                  # actual access restrictions. Only allowed to be set when the
                  # &quot;use_explicit_dry_run_spec&quot; flag is set.
                  # describe specific Service Perimeter configuration.
                &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the
                    # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
                    # must be in the same policy as this `ServicePerimeter`. Referencing a
                    # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
                    # listed, resources within the perimeter can only be accessed via Google
                    # Cloud calls with request origins within the perimeter. Example:
                    # `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`.
                    # For Service Perimeter Bridge, must be empty.
                  &quot;A String&quot;,
                ],
                &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter
                    # restrictions. For example, if `storage.googleapis.com` is specified, access
                    # to the storage buckets inside the perimeter must meet the perimeter&#x27;s
                    # access restrictions.
                  &quot;A String&quot;,
                ],
                &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
                    # Perimeter.
                  &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of
                      # APIs specified in &#x27;allowed_services&#x27;.
                  &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty
                      # unless &#x27;enable_restriction&#x27; is True.
                    &quot;A String&quot;,
                  ],
                },
                &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter.
                    # Currently only projects are allowed. Format: `projects/{project_number}`
                  &quot;A String&quot;,
                ],
              },
              &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the ServicePerimeter. The `short_name`
                  # component must begin with a letter and only include alphanumeric and &#x27;_&#x27;.
                  # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
              &quot;perimeterType&quot;: &quot;A String&quot;, # Perimeter type indicator. A single project is
                  # allowed to be a member of single regular perimeter, but multiple service
                  # perimeter bridges. A project cannot be included in a perimeter bridge
                  # without being included in regular perimeter. For perimeter bridges,
                  # the restricted service list as well as access level lists must be
                  # empty.
              &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
              &quot;useExplicitDryRunSpec&quot;: True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
                  # exists for all Service Perimeters, and that spec is identical to the
                  # status for those Service Perimeters. When this flag is set, it inhibits the
                  # generation of the implicit spec, thereby allowing the user to explicitly
                  # provide a configuration (&quot;spec&quot;) to use in a dry-run version of the Service
                  # Perimeter. This allows the user to test changes to the enforced config
                  # (&quot;status&quot;) without actually enforcing them. This testing is done through
                  # analyzing the differences between currently enforced and suggested
                  # restrictions. use_explicit_dry_run_spec must be set to True if any of the
                  # fields in the spec are set to non-default values.
              &quot;description&quot;: &quot;A String&quot;, # Description of the `ServicePerimeter` and its use. Does not affect
                  # behavior.
              &quot;status&quot;: { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources,
                  # restricted services and access levels that determine perimeter
                  # content and boundaries.
                  # describe specific Service Perimeter configuration.
                &quot;accessLevels&quot;: [ # A list of `AccessLevel` resource names that allow resources within the
                    # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
                    # must be in the same policy as this `ServicePerimeter`. Referencing a
                    # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
                    # listed, resources within the perimeter can only be accessed via Google
                    # Cloud calls with request origins within the perimeter. Example:
                    # `&quot;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&quot;`.
                    # For Service Perimeter Bridge, must be empty.
                  &quot;A String&quot;,
                ],
                &quot;restrictedServices&quot;: [ # Google Cloud services that are subject to the Service Perimeter
                    # restrictions. For example, if `storage.googleapis.com` is specified, access
                    # to the storage buckets inside the perimeter must meet the perimeter&#x27;s
                    # access restrictions.
                  &quot;A String&quot;,
                ],
                &quot;vpcAccessibleServices&quot;: { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter.
                    # Perimeter.
                  &quot;enableRestriction&quot;: True or False, # Whether to restrict API calls within the Service Perimeter to the list of
                      # APIs specified in &#x27;allowed_services&#x27;.
                  &quot;allowedServices&quot;: [ # The list of APIs usable within the Service Perimeter. Must be empty
                      # unless &#x27;enable_restriction&#x27; is True.
                    &quot;A String&quot;,
                  ],
                },
                &quot;resources&quot;: [ # A list of Google Cloud resources that are inside of the service perimeter.
                    # Currently only projects are allowed. Format: `projects/{project_number}`
                  &quot;A String&quot;,
                ],
              },
            },
            &quot;resource&quot;: { # A representation of a Google Cloud resource. # A representation of the resource.
              &quot;discoveryDocumentUri&quot;: &quot;A String&quot;, # The URL of the discovery document containing the resource&#x27;s JSON schema.
                  # Example:
                  # &quot;https://www.googleapis.com/discovery/v1/apis/compute/v1/rest&quot;
                  #
                  # This value is unspecified for resources that do not have an API based on a
                  # discovery document, such as Cloud Bigtable.
              &quot;parent&quot;: &quot;A String&quot;, # The full name of the immediate parent of this resource. See
                  # [Resource
                  # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
                  # for more information.
                  #
                  # For Google Cloud assets, this value is the parent resource defined in the
                  # [Cloud IAM policy
                  # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
                  # Example:
                  # &quot;//cloudresourcemanager.googleapis.com/projects/my_project_123&quot;
                  #
                  # For third-party assets, this field may be set differently.
              &quot;resourceUrl&quot;: &quot;A String&quot;, # The REST URL for accessing the resource. An HTTP `GET` request using this
                  # URL returns the resource itself. Example:
                  # &quot;https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123&quot;
                  #
                  # This value is unspecified for resources without a REST API.
              &quot;discoveryName&quot;: &quot;A String&quot;, # The JSON schema name listed in the discovery document. Example:
                  # &quot;Project&quot;
                  #
                  # This value is unspecified for resources that do not have an API based on a
                  # discovery document, such as Cloud Bigtable.
              &quot;version&quot;: &quot;A String&quot;, # The API version. Example: &quot;v1&quot;
              &quot;location&quot;: &quot;A String&quot;, # The location of the resource in Google Cloud, such as its zone and region.
                  # For more information, see https://cloud.google.com/about/locations/.
              &quot;data&quot;: { # The content of the resource, in which some sensitive fields are removed
                  # and may not be present.
                &quot;a_key&quot;: &quot;&quot;, # Properties of the object.
              },
            },
            &quot;name&quot;: &quot;A String&quot;, # The full name of the asset. Example:
                # &quot;//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1&quot;
                #
                # See [Resource
                # names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
                # for more information.
            &quot;orgPolicy&quot;: [ # A representation of an [organization
                # policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).
                # There can be more than one organization policy with different constraints
                # set on a given resource.
              { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
                  # for configurations of Cloud Platform resources.
                &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
                    # concurrency control.
                    #
                    # When the `Policy` is returned from either a `GetPolicy` or a
                    # `ListOrgPolicy` request, this `etag` indicates the version of the current
                    # `Policy` to use when executing a read-modify-write loop.
                    #
                    # When the `Policy` is returned from a `GetEffectivePolicy` request, the
                    # `etag` will be unset.
                    #
                    # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
                    # that was returned from a `GetOrgPolicy` request as part of a
                    # read-modify-write loop for concurrency control. Not setting the `etag` in a
                    # `SetOrgPolicy` request will result in an unconditional write of the
                    # `Policy`.
                &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
                    # resource.
                  &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
                      # configuration is acceptable.
                      #
                      # Suppose you have a `Constraint`
                      # `constraints/compute.disableSerialPortAccess` with `constraint_default`
                      # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
                      # behavior:
                      #   - If the `Policy` at this resource has enforced set to `false`, serial
                      #     port connection attempts will be allowed.
                      #   - If the `Policy` at this resource has enforced set to `true`, serial
                      #     port connection attempts will be refused.
                      #   - If the `Policy` at this resource is `RestoreDefault`, serial port
                      #     connection attempts will be allowed.
                      #   - If no `Policy` is set at this resource or anywhere higher in the
                      #     resource hierarchy, serial port connection attempts will be allowed.
                      #   - If no `Policy` is set at this resource, but one exists higher in the
                      #     resource hierarchy, the behavior is as if the `Policy` were set at
                      #     this resource.
                      #
                      # The following examples demonstrate the different possible layerings:
                      #
                      # Example 1 (nearest `Constraint` wins):
                      #   `organizations/foo` has a `Policy` with:
                      #     {enforced: false}
                      #   `projects/bar` has no `Policy` set.
                      # The constraint at `projects/bar` and `organizations/foo` will not be
                      # enforced.
                      #
                      # Example 2 (enforcement gets replaced):
                      #   `organizations/foo` has a `Policy` with:
                      #     {enforced: false}
                      #   `projects/bar` has a `Policy` with:
                      #     {enforced: true}
                      # The constraint at `organizations/foo` is not enforced.
                      # The constraint at `projects/bar` is enforced.
                      #
                      # Example 3 (RestoreDefault):
                      #   `organizations/foo` has a `Policy` with:
                      #     {enforced: true}
                      #   `projects/bar` has a `Policy` with:
                      #     {RestoreDefault: {}}
                      # The constraint at `organizations/foo` is enforced.
                      # The constraint at `projects/bar` is not enforced, because
                      # `constraint_default` for the `Constraint` is `ALLOW`.
                },
                &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
                    # `constraints/serviceuser.services`.
                    #
                    # Immutable after creation.
                &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
                    # server, not specified by the caller, and represents the last time a call to
                    # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
                    # be ignored.
                &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
                &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
                    # `Constraint` type.
                    # `constraint_default` enforcement behavior of the specific `Constraint` at
                    # this resource.
                    #
                    # Suppose that `constraint_default` is set to `ALLOW` for the
                    # `Constraint` `constraints/serviceuser.services`. Suppose that organization
                    # foo.com sets a `Policy` at their Organization resource node that restricts
                    # the allowed service activations to deny all service activations. They
                    # could then set a `Policy` with the `policy_type` `restore_default` on
                    # several experimental projects, restoring the `constraint_default`
                    # enforcement of the `Constraint` for only those projects, allowing those
                    # projects to have all services activated.
                },
                &quot;listPolicy&quot;: { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
                    # resource.
                    #
                    # `ListPolicy` can define specific values and subtrees of Cloud Resource
                    # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
                    # are allowed or denied by setting the `allowed_values` and `denied_values`
                    # fields. This is achieved by using the `under:` and optional `is:` prefixes.
                    # The `under:` prefix is used to denote resource subtree values.
                    # The `is:` prefix is used to denote specific values, and is required only
                    # if the value contains a &quot;:&quot;. Values prefixed with &quot;is:&quot; are treated the
                    # same as values with no prefix.
                    # Ancestry subtrees must be in one of the following formats:
                    #     - &quot;projects/&lt;project-id&gt;&quot;, e.g. &quot;projects/tokyo-rain-123&quot;
                    #     - &quot;folders/&lt;folder-id&gt;&quot;, e.g. &quot;folders/1234&quot;
                    #     - &quot;organizations/&lt;organization-id&gt;&quot;, e.g. &quot;organizations/1234&quot;
                    # The `supports_under` field of the associated `Constraint` defines whether
                    # ancestry prefixes can be used. You can set `allowed_values` and
                    # `denied_values` in the same `Policy` if `all_values` is
                    # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
                    # values. If `all_values` is set to either `ALLOW` or `DENY`,
                    # `allowed_values` and `denied_values` must be unset.
                  &quot;suggestedValue&quot;: &quot;A String&quot;, # Optional. The Google Cloud Console will try to default to a configuration
                      # that matches the value specified in this `Policy`. If `suggested_value`
                      # is not set, it will inherit the value specified higher in the hierarchy,
                      # unless `inherit_from_parent` is `false`.
                  &quot;inheritFromParent&quot;: True or False, # Determines the inheritance behavior for this `Policy`.
                      #
                      # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
                      # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
                      # set to `true`, then the values from the effective `Policy` of the parent
                      # resource are inherited, meaning the values set in this `Policy` are
                      # added to the values inherited up the hierarchy.
                      #
                      # Setting `Policy` hierarchies that inherit both allowed values and denied
                      # values isn&#x27;t recommended in most circumstances to keep the configuration
                      # simple and understandable. However, it is possible to set a `Policy` with
                      # `allowed_values` set that inherits a `Policy` with `denied_values` set.
                      # In this case, the values that are allowed must be in `allowed_values` and
                      # not present in `denied_values`.
                      #
                      # For example, suppose you have a `Constraint`
                      # `constraints/serviceuser.services`, which has a `constraint_type` of
                      # `list_constraint`, and with `constraint_default` set to `ALLOW`.
                      # Suppose that at the Organization level, a `Policy` is applied that
                      # restricts the allowed API activations to {`E1`, `E2`}. Then, if a
                      # `Policy` is applied to a project below the Organization that has
                      # `inherit_from_parent` set to `false` and field all_values set to DENY,
                      # then an attempt to activate any API will be denied.
                      #
                      # The following examples demonstrate different possible layerings for
                      # `projects/bar` parented by `organizations/foo`:
                      #
                      # Example 1 (no inherited values):
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;E1&quot; allowed_values:&quot;E2&quot;}
                      #   `projects/bar` has `inherit_from_parent` `false` and values:
                      #     {allowed_values: &quot;E3&quot; allowed_values: &quot;E4&quot;}
                      # The accepted values at `organizations/foo` are `E1`, `E2`.
                      # The accepted values at `projects/bar` are `E3`, and `E4`.
                      #
                      # Example 2 (inherited values):
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;E1&quot; allowed_values:&quot;E2&quot;}
                      #   `projects/bar` has a `Policy` with values:
                      #     {value: &quot;E3&quot; value: &quot;E4&quot; inherit_from_parent: true}
                      # The accepted values at `organizations/foo` are `E1`, `E2`.
                      # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
                      #
                      # Example 3 (inheriting both allowed and denied values):
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;E1&quot; allowed_values: &quot;E2&quot;}
                      #   `projects/bar` has a `Policy` with:
                      #     {denied_values: &quot;E1&quot;}
                      # The accepted values at `organizations/foo` are `E1`, `E2`.
                      # The value accepted at `projects/bar` is `E2`.
                      #
                      # Example 4 (RestoreDefault):
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;E1&quot; allowed_values:&quot;E2&quot;}
                      #   `projects/bar` has a `Policy` with values:
                      #     {RestoreDefault: {}}
                      # The accepted values at `organizations/foo` are `E1`, `E2`.
                      # The accepted values at `projects/bar` are either all or none depending on
                      # the value of `constraint_default` (if `ALLOW`, all; if
                      # `DENY`, none).
                      #
                      # Example 5 (no policy inherits parent policy):
                      #   `organizations/foo` has no `Policy` set.
                      #   `projects/bar` has no `Policy` set.
                      # The accepted values at both levels are either all or none depending on
                      # the value of `constraint_default` (if `ALLOW`, all; if
                      # `DENY`, none).
                      #
                      # Example 6 (ListConstraint allowing all):
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;E1&quot; allowed_values: &quot;E2&quot;}
                      #   `projects/bar` has a `Policy` with:
                      #     {all: ALLOW}
                      # The accepted values at `organizations/foo` are `E1`, `E2`.
                      # Any value is accepted at `projects/bar`.
                      #
                      # Example 7 (ListConstraint allowing none):
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;E1&quot; allowed_values: &quot;E2&quot;}
                      #   `projects/bar` has a `Policy` with:
                      #     {all: DENY}
                      # The accepted values at `organizations/foo` are `E1`, `E2`.
                      # No value is accepted at `projects/bar`.
                      #
                      # Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
                      # Given the following resource hierarchy
                      #   O1-&gt;{F1, F2}; F1-&gt;{P1}; F2-&gt;{P2, P3},
                      #   `organizations/foo` has a `Policy` with values:
                      #     {allowed_values: &quot;under:organizations/O1&quot;}
                      #   `projects/bar` has a `Policy` with:
                      #     {allowed_values: &quot;under:projects/P3&quot;}
                      #     {denied_values: &quot;under:folders/F2&quot;}
                      # The accepted values at `organizations/foo` are `organizations/O1`,
                      #   `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
                      #   `projects/P3`.
                      # The accepted values at `projects/bar` are `organizations/O1`,
                      #   `folders/F1`, `projects/P1`.
                  &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
                      # is set to `ALL_VALUES_UNSPECIFIED`.
                    &quot;A String&quot;,
                  ],
                  &quot;allValues&quot;: &quot;A String&quot;, # The policy all_values state.
                  &quot;allowedValues&quot;: [ # List of values allowed at this resource. Can only be set if `all_values`
                      # is set to `ALL_VALUES_UNSPECIFIED`.
                    &quot;A String&quot;,
                  ],
                },
              },
            ],
            &quot;iamPolicy&quot;: { # A representation of the Cloud IAM policy set on a Google Cloud resource.
                # There can be a maximum of one Cloud IAM policy set on any given resource.
                # In addition, Cloud IAM policies inherit their granted access scope from any
                # policies set on parent resources in the resource hierarchy. Therefore, the
                # effective policy is the union of both the policy set on this resource
                # and each policy set on all of the resource&#x27;s ancestry resource levels in
                # the hierarchy. See
                # [this topic](https://cloud.google.com/iam/docs/policies#inheritance) for
                # more information.
                #
                # An Identity and Access Management (IAM) policy, which specifies access
                # controls for Google Cloud resources.
                #
                # A `Policy` is a collection of `bindings`. A `binding` binds one or more
                # `members` to a single `role`. Members can be user accounts, service accounts,
                # Google groups, and domains (such as G Suite). A `role` is a named list of
                # permissions; each `role` can be an IAM predefined role or a user-created
                # custom role.
                #
                # For some types of Google Cloud resources, a `binding` can also specify a
                # `condition`, which is a logical expression that allows access to a resource
                # only if the expression evaluates to `true`. A condition can add constraints
                # based on attributes of the request, the resource, or both. To learn which
                # resources support conditions in their IAM policies, see the
                # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
                #
                # **JSON example:**
                #
                #     {
                #       &quot;bindings&quot;: [
                #         {
                #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
                #           &quot;members&quot;: [
                #             &quot;user:mike@example.com&quot;,
                #             &quot;group:admins@example.com&quot;,
                #             &quot;domain:google.com&quot;,
                #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
                #           ]
                #         },
                #         {
                #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
                #           &quot;members&quot;: [
                #             &quot;user:eve@example.com&quot;
                #           ],
                #           &quot;condition&quot;: {
                #             &quot;title&quot;: &quot;expirable access&quot;,
                #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
                #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;
                #           }
                #         }
                #       ],
                #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
                #       &quot;version&quot;: 3
                #     }
                #
                # **YAML example:**
                #
                #     bindings:
                #     - members:
                #       - user:mike@example.com
                #       - group:admins@example.com
                #       - domain:google.com
                #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
                #       role: roles/resourcemanager.organizationAdmin
                #     - members:
                #       - user:eve@example.com
                #       role: roles/resourcemanager.organizationViewer
                #       condition:
                #         title: expirable access
                #         description: Does not grant access after Sep 2020
                #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
                #     etag: BwWWja0YfJA=
                #     version: 3
                #
                # For a description of IAM and its features, see the
                # [IAM documentation](https://cloud.google.com/iam/docs/).
              &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
                  # prevent simultaneous updates of a policy from overwriting each other.
                  # It is strongly suggested that systems make use of the `etag` in the
                  # read-modify-write cycle to perform policy updates in order to avoid race
                  # conditions: An `etag` is returned in the response to `getIamPolicy`, and
                  # systems are expected to put that etag in the request to `setIamPolicy` to
                  # ensure that their change will be applied to the same version of the policy.
                  #
                  # **Important:** If you use IAM Conditions, you must include the `etag` field
                  # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
                  # you to overwrite a version `3` policy with a version `1` policy, and all of
                  # the conditions in the version `3` policy are lost.
              &quot;version&quot;: 42, # Specifies the format of the policy.
                  #
                  # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
                  # are rejected.
                  #
                  # Any operation that affects conditional role bindings must specify version
                  # `3`. This requirement applies to the following operations:
                  #
                  # * Getting a policy that includes a conditional role binding
                  # * Adding a conditional role binding to a policy
                  # * Changing a conditional role binding in a policy
                  # * Removing any role binding, with or without a condition, from a policy
                  #   that includes conditions
                  #
                  # **Important:** If you use IAM Conditions, you must include the `etag` field
                  # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
                  # you to overwrite a version `3` policy with a version `1` policy, and all of
                  # the conditions in the version `3` policy are lost.
                  #
                  # If a policy does not include any conditions, operations on that policy may
                  # specify any valid version or leave the field unset.
                  #
                  # To learn which resources support conditions in their IAM policies, see the
                  # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
              &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
                { # Specifies the audit configuration for a service.
                    # The configuration determines which permission types are logged, and what
                    # identities, if any, are exempted from logging.
                    # An AuditConfig must have one or more AuditLogConfigs.
                    #
                    # If there are AuditConfigs for both `allServices` and a specific service,
                    # the union of the two AuditConfigs is used for that service: the log_types
                    # specified in each AuditConfig are enabled, and the exempted_members in each
                    # AuditLogConfig are exempted.
                    #
                    # Example Policy with multiple AuditConfigs:
                    #
                    #     {
                    #       &quot;audit_configs&quot;: [
                    #         {
                    #           &quot;service&quot;: &quot;allServices&quot;,
                    #           &quot;audit_log_configs&quot;: [
                    #             {
                    #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
                    #               &quot;exempted_members&quot;: [
                    #                 &quot;user:jose@example.com&quot;
                    #               ]
                    #             },
                    #             {
                    #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
                    #             },
                    #             {
                    #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
                    #             }
                    #           ]
                    #         },
                    #         {
                    #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
                    #           &quot;audit_log_configs&quot;: [
                    #             {
                    #               &quot;log_type&quot;: &quot;DATA_READ&quot;
                    #             },
                    #             {
                    #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
                    #               &quot;exempted_members&quot;: [
                    #                 &quot;user:aliya@example.com&quot;
                    #               ]
                    #             }
                    #           ]
                    #         }
                    #       ]
                    #     }
                    #
                    # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
                    # logging. It also exempts jose@example.com from DATA_READ logging, and
                    # aliya@example.com from DATA_WRITE logging.
                  &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
                      # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
                      # `allServices` is a special value that covers all services.
                  &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
                    { # Provides the configuration for logging a type of permissions.
                        # Example:
                        #
                        #     {
                        #       &quot;audit_log_configs&quot;: [
                        #         {
                        #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
                        #           &quot;exempted_members&quot;: [
                        #             &quot;user:jose@example.com&quot;
                        #           ]
                        #         },
                        #         {
                        #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
                        #         }
                        #       ]
                        #     }
                        #
                        # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
                        # jose@example.com from DATA_READ logging.
                      &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
                      &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
                          # permission.
                          # Follows the same format of Binding.members.
                        &quot;A String&quot;,
                      ],
                    },
                  ],
                },
              ],
              &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
                  # `condition` that determines how and when the `bindings` are applied. Each
                  # of the `bindings` must contain at least one member.
                { # Associates `members` with a `role`.
                  &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
                      # `members` can have the following values:
                      #
                      # * `allUsers`: A special identifier that represents anyone who is
                      #    on the internet; with or without a Google account.
                      #
                      # * `allAuthenticatedUsers`: A special identifier that represents anyone
                      #    who is authenticated with a Google account or a service account.
                      #
                      # * `user:{emailid}`: An email address that represents a specific Google
                      #    account. For example, `alice@example.com`.
                      #
                      # * `serviceAccount:{emailid}`: An email address that represents a service
                      #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
                      #
                      # * `group:{emailid}`: An email address that represents a Google group.
                      #    For example, `admins@example.com`.
                      #
                      # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
                      #    identifier) representing a user that has been recently deleted. For
                      #    example, `alice@example.com?uid=123456789012345678901`. If the user is
                      #    recovered, this value reverts to `user:{emailid}` and the recovered user
                      #    retains the role in the binding.
                      #
                      # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
                      #    unique identifier) representing a service account that has been recently
                      #    deleted. For example,
                      #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
                      #    If the service account is undeleted, this value reverts to
                      #    `serviceAccount:{emailid}` and the undeleted service account retains the
                      #    role in the binding.
                      #
                      # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
                      #    identifier) representing a Google group that has been recently
                      #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
                      #    the group is recovered, this value reverts to `group:{emailid}` and the
                      #    recovered group retains the role in the binding.
                      #
                      # * `domain:{domain}`: The G Suite domain (primary) that represents all the
                      #    users of that domain. For example, `google.com` or `example.com`.
                      #
                    &quot;A String&quot;,
                  ],
                  &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
                      # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
                  &quot;condition&quot;: { # The condition that is associated with this binding.
                      #
                      # If the condition evaluates to `true`, then this binding applies to the
                      # current request.
                      #
                      # If the condition evaluates to `false`, then this binding does not apply to
                      # the current request. However, a different role binding might grant the same
                      # role to one or more of the members in this binding.
                      #
                      # To learn which resources support conditions in their IAM policies, see the
                      # [IAM
                      # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
                      #
                      # Represents a textual expression in the Common Expression Language (CEL)
                      # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
                      # are documented at https://github.com/google/cel-spec.
                      #
                      # Example (Comparison):
                      #
                      #     title: &quot;Summary size limit&quot;
                      #     description: &quot;Determines if a summary is less than 100 chars&quot;
                      #     expression: &quot;document.summary.size() &lt; 100&quot;
                      #
                      # Example (Equality):
                      #
                      #     title: &quot;Requestor is owner&quot;
                      #     description: &quot;Determines if requestor is the document owner&quot;
                      #     expression: &quot;document.owner == request.auth.claims.email&quot;
                      #
                      # Example (Logic):
                      #
                      #     title: &quot;Public documents&quot;
                      #     description: &quot;Determine whether the document should be publicly visible&quot;
                      #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
                      #
                      # Example (Data Manipulation):
                      #
                      #     title: &quot;Notification string&quot;
                      #     description: &quot;Create a notification string with a timestamp.&quot;
                      #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
                      #
                      # The exact variables and functions that may be referenced within an expression
                      # are determined by the service that evaluates it. See the service
                      # documentation for additional information.
                    &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
                        # its purpose. This can be used e.g. in UIs which allow entering the
                        # expression.
                    &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
                        # reporting, e.g. a file name and a position in the file.
                    &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
                        # describes the expression, e.g. when it is hovered over in a UI.
                    &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
                        # syntax.
                  },
                },
              ],
            },
            &quot;accessLevel&quot;: { # An `AccessLevel` is a label that can be applied to requests to Google Cloud
                # services, along with a list of requirements necessary for the label to be
                # applied.
              &quot;title&quot;: &quot;A String&quot;, # Human readable title. Must be unique within the Policy.
              &quot;name&quot;: &quot;A String&quot;, # Required. Resource name for the Access Level. The `short_name` component
                  # must begin with a letter and only include alphanumeric and &#x27;_&#x27;. Format:
                  # `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
                  # of the `short_name` component is 50 characters.
              &quot;basic&quot;: { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.
                &quot;conditions&quot;: [ # Required. A list of requirements for the `AccessLevel` to be granted.
                  { # A condition necessary for an `AccessLevel` to be granted. The Condition is an
                      # AND over its fields. So a Condition is true if: 1) the request IP is from one
                      # of the listed subnetworks AND 2) the originating device complies with the
                      # listed device policy AND 3) all listed access levels are granted AND 4) the
                      # request was sent at a time allowed by the DateTimeRestriction.
                    &quot;devicePolicy&quot;: { # Device specific restrictions, all restrictions must hold for the
                        # Condition to be true. If not specified, all devices are allowed.
                        #
                        # `DevicePolicy` specifies device specific restrictions necessary to acquire a
                        # given access level. A `DevicePolicy` specifies requirements for requests from
                        # devices to be granted access levels; it does not do any enforcement on the
                        # device. `DevicePolicy` acts as an AND over all specified fields, and each
                        # repeated field is an OR over its elements. Any unset fields are ignored. For
                        # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
                        # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
                        # true for requests originating from encrypted Linux desktops and encrypted
                        # Windows desktops.
                      &quot;osConstraints&quot;: [ # Allowed OS versions, an empty list allows all types and all versions.
                        { # A restriction on the OS type and version of devices making requests.
                          &quot;minimumVersion&quot;: &quot;A String&quot;, # The minimum allowed OS version. If not set, any version of this OS
                              # satisfies the constraint. Format: `&quot;major.minor.patch&quot;`.
                              # Examples: `&quot;10.5.301&quot;`, `&quot;9.2.1&quot;`.
                          &quot;osType&quot;: &quot;A String&quot;, # Required. The allowed OS type.
                          &quot;requireVerifiedChromeOs&quot;: True or False, # Only allows requests from devices with a verified Chrome OS.
                              # Verification includes requirements that the device is enterprise-managed,
                              # conformant to domain policies, and the caller has permission to call
                              # the API targeted by the request.
                        },
                      ],
                      &quot;requireCorpOwned&quot;: True or False, # Whether the device needs to be corp owned.
                      &quot;requireAdminApproval&quot;: True or False, # Whether the device needs to be approved by the customer admin.
                      &quot;requireScreenlock&quot;: True or False, # Whether or not screenlock is required for the DevicePolicy to be true.
                          # Defaults to `false`.
                      &quot;allowedEncryptionStatuses&quot;: [ # Allowed encryption statuses, an empty list allows all statuses.
                        &quot;A String&quot;,
                      ],
                      &quot;allowedDeviceManagementLevels&quot;: [ # Allowed device management levels, an empty list allows all management
                          # levels.
                        &quot;A String&quot;,
                      ],
                    },
                    &quot;members&quot;: [ # The request must be made by one of the provided user or service
                        # accounts. Groups are not supported.
                        # Syntax:
                        # `user:{emailid}`
                        # `serviceAccount:{emailid}`
                        # If not specified, a request may come from any user.
                      &quot;A String&quot;,
                    ],
                    &quot;negate&quot;: True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over
                        # its non-empty fields, each field must be false for the Condition overall to
                        # be satisfied. Defaults to false.
                    &quot;ipSubnetworks&quot;: [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
                        # a CIDR IP address block, the specified IP address portion must be properly
                        # truncated (i.e. all the host bits must be zero) or the input is considered
                        # malformed. For example, &quot;192.0.2.0/24&quot; is accepted but &quot;192.0.2.1/24&quot; is
                        # not. Similarly, for IPv6, &quot;2001:db8::/32&quot; is accepted whereas
                        # &quot;2001:db8::1/32&quot; is not. The originating IP of a request must be in one of
                        # the listed subnets in order for this Condition to be true. If empty, all IP
                        # addresses are allowed.
                      &quot;A String&quot;,
                    ],
                    &quot;regions&quot;: [ # The request must originate from one of the provided countries/regions.
                        # Must be valid ISO 3166-1 alpha-2 codes.
                      &quot;A String&quot;,
                    ],
                    &quot;requiredAccessLevels&quot;: [ # A list of other access levels defined in the same `Policy`, referenced by
                        # resource name. Referencing an `AccessLevel` which does not exist is an
                        # error. All access levels listed must be granted for the Condition
                        # to be true. Example:
                        # `&quot;accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME&quot;`
                      &quot;A String&quot;,
                    ],
                  },
                ],
                &quot;combiningFunction&quot;: &quot;A String&quot;, # How the `conditions` list should be combined to determine if a request is
                    # granted this `AccessLevel`. If AND is used, each `Condition` in
                    # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
                    # is used, at least one `Condition` in `conditions` must be satisfied for the
                    # `AccessLevel` to be applied. Default behavior is AND.
              },
              &quot;description&quot;: &quot;A String&quot;, # Description of the `AccessLevel` and its use. Does not affect behavior.
              &quot;custom&quot;: { # A `CustomLevel` written in the Common Expression Language.
                  #
                  # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
                  # to represent the necessary conditions for the level to apply to a request.
                  # See CEL spec at: https://github.com/google/cel-spec
                &quot;expr&quot;: { # Required. A Cloud CEL expression evaluating to a boolean.
                    #
                    # Represents a textual expression in the Common Expression Language (CEL)
                    # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
                    # are documented at https://github.com/google/cel-spec.
                    #
                    # Example (Comparison):
                    #
                    #     title: &quot;Summary size limit&quot;
                    #     description: &quot;Determines if a summary is less than 100 chars&quot;
                    #     expression: &quot;document.summary.size() &lt; 100&quot;
                    #
                    # Example (Equality):
                    #
                    #     title: &quot;Requestor is owner&quot;
                    #     description: &quot;Determines if requestor is the document owner&quot;
                    #     expression: &quot;document.owner == request.auth.claims.email&quot;
                    #
                    # Example (Logic):
                    #
                    #     title: &quot;Public documents&quot;
                    #     description: &quot;Determine whether the document should be publicly visible&quot;
                    #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
                    #
                    # Example (Data Manipulation):
                    #
                    #     title: &quot;Notification string&quot;
                    #     description: &quot;Create a notification string with a timestamp.&quot;
                    #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
                    #
                    # The exact variables and functions that may be referenced within an expression
                    # are determined by the service that evaluates it. See the service
                    # documentation for additional information.
                  &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
                      # its purpose. This can be used e.g. in UIs which allow entering the
                      # expression.
                  &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
                      # reporting, e.g. a file name and a position in the file.
                  &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
                      # describes the expression, e.g. when it is hovered over in a UI.
                  &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
                      # syntax.
                },
              },
            },
            &quot;assetType&quot;: &quot;A String&quot;, # The type of the asset. Example: &quot;compute.googleapis.com/Disk&quot;
                #
                # See [Supported asset
                # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
                # for more information.
            &quot;accessPolicy&quot;: { # `AccessPolicy` is a container for `AccessLevels` (which define the necessary
                # attributes to use Google Cloud services) and `ServicePerimeters` (which
                # define regions of services able to freely pass data within a perimeter). An
                # access policy is globally visible within an organization, and the
                # restrictions it specifies apply to all projects within an organization.
              &quot;etag&quot;: &quot;A String&quot;, # Output only. An opaque identifier for the current version of the
                  # `AccessPolicy`. This will always be a strongly validated etag, meaning that
                  # two Access Policies will be identical if and only if their etags are
                  # identical. Clients should not expect this to be in any specific format.
              &quot;parent&quot;: &quot;A String&quot;, # Required. The parent of this `AccessPolicy` in the Cloud Resource
                  # Hierarchy. Currently immutable once created. Format:
                  # `organizations/{organization_id}`
              &quot;title&quot;: &quot;A String&quot;, # Required. Human readable title. Does not affect behavior.
              &quot;name&quot;: &quot;A String&quot;, # Output only. Resource name of the `AccessPolicy`. Format:
                  # `accessPolicies/{policy_id}`
            },
            &quot;ancestors&quot;: [ # The ancestry path of an asset in Google Cloud [resource
                # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
                # represented as a list of relative resource names. An ancestry path starts
                # with the closest ancestor in the hierarchy and ends at root. If the asset
                # is a project, folder, or organization, the ancestry path starts from the
                # asset itself.
                #
                # Example: `[&quot;projects/123456789&quot;, &quot;folders/5432&quot;, &quot;organizations/1234&quot;]`
              &quot;A String&quot;,
            ],
          },
        },
      ],
    }</pre>
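<p>An added example, not part of the API reference or the client library: a pre-flight check for the <code>etag</code> and <code>version</code> rules described for <code>iamPolicy</code>, run against the JSON example policy. The function names <code>check_update</code> and <code>modify_policy</code> are hypothetical, and the check only inspects dictionaries; it does not call <code>getIamPolicy</code> or <code>setIamPolicy</code>.</p>

```python
import copy

VALID_VERSIONS = (0, 1, 3)  # the values the reference lists as valid

# Constructed sample: the JSON example policy from the reference text.
EXAMPLE_POLICY = {
    "bindings": [
        {
            "role": "roles/resourcemanager.organizationAdmin",
            "members": [
                "user:mike@example.com",
                "group:admins@example.com",
                "domain:google.com",
                "serviceAccount:my-project-id@appspot.gserviceaccount.com",
            ],
        },
        {
            "role": "roles/resourcemanager.organizationViewer",
            "members": ["user:eve@example.com"],
            "condition": {
                "title": "expirable access",
                "description": "Does not grant access after Sep 2020",
                "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
            },
        },
    ],
    "etag": "BwWWja0YfJA=",
    "version": 3,
}


def conditional_bindings(policy):
    """Return {(role, expression)} for every binding that carries a condition."""
    return {
        (b["role"], b["condition"]["expression"])
        for b in policy.get("bindings", [])
        if b.get("condition")
    }


def check_update(current, proposed):
    """List the problems with sending `proposed` to setIamPolicy when
    `current` is the policy last read with getIamPolicy (hypothetical helper)."""
    problems = []
    version = proposed.get("version", 0)
    if version not in VALID_VERSIONS:
        problems.append(f"version {version!r} is not one of {VALID_VERSIONS}")
    before = conditional_bindings(current)
    after = conditional_bindings(proposed)
    if (before or after) and version != 3:
        problems.append("policy involves conditions: version must be 3")
    if not proposed.get("etag"):
        problems.append("etag missing: update is not tied to the policy that was read")
    elif proposed["etag"] != current.get("etag"):
        problems.append("etag differs from the one read: re-read the policy and retry")
    # A condition that disappears may be intended, so it is reported for review.
    for role, expression in sorted(before - after):
        problems.append(f"condition dropped from {role}: {expression}")
    return problems


def modify_policy(current, mutate):
    """Apply `mutate` to a copy of `current`, keeping the etag that was read
    and requesting version 3 whenever a conditional binding is involved."""
    proposed = copy.deepcopy(current)
    mutate(proposed)
    proposed["etag"] = current["etag"]
    if conditional_bindings(current) or conditional_bindings(proposed):
        proposed["version"] = 3
    return proposed
```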
</div>
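<p>An added example, not part of the API reference: the union rule for <code>auditConfigs</code> computed for one service, so that exempted identities and log types that are not enabled show up when reviewing an exported policy. The sample policy is the reference's own example rewritten with the camelCase field names of the schema; <code>effective_audit_config</code> and <code>audit_gaps</code> are hypothetical names.</p>

```python
LOG_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")  # log types named in the reference

# Constructed sample: the "multiple AuditConfigs" example, in camelCase.
SAMPLE_POLICY = {
    "auditConfigs": [
        {
            "service": "allServices",
            "auditLogConfigs": [
                {"logType": "DATA_READ", "exemptedMembers": ["user:jose@example.com"]},
                {"logType": "DATA_WRITE"},
                {"logType": "ADMIN_READ"},
            ],
        },
        {
            "service": "sampleservice.googleapis.com",
            "auditLogConfigs": [
                {"logType": "DATA_READ"},
                {"logType": "DATA_WRITE", "exemptedMembers": ["user:aliya@example.com"]},
            ],
        },
    ]
}


def effective_audit_config(policy, service):
    """Return {log type: sorted exempted members} in force for `service`.

    The AuditConfig for `allServices` and the one for the service itself are
    merged: every log type in either is enabled, and every exempted member in
    either is exempted for that log type.
    """
    effective = {}
    for config in policy.get("auditConfigs", []):
        if config.get("service") not in ("allServices", service):
            continue
        for log_config in config.get("auditLogConfigs", []):
            exempted = effective.setdefault(log_config["logType"], set())
            exempted.update(log_config.get("exemptedMembers", []))
    return {log_type: sorted(members) for log_type, members in effective.items()}


def audit_gaps(policy, service):
    """Report what is not logged for `service`: log types that are not
    enabled, and identities exempted from the log types that are."""
    effective = effective_audit_config(policy, service)
    return {
        "not_logged": [t for t in LOG_TYPES if t not in effective],
        "exempted": {t: m for t, m in effective.items() if m},
    }


if __name__ == "__main__":
    for name in ("sampleservice.googleapis.com", "storage.googleapis.com"):
        print(name, audit_gaps(SAMPLE_POLICY, name))
```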
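<p>An added example, not part of the API reference: a simplified model of how a <code>BasicLevel</code> is decided, covering the strict CIDR rule for <code>ipSubnetworks</code>, the AND over a Condition's fields, and <code>combiningFunction</code>. It does not model <code>devicePolicy</code> or <code>negate</code>, it assumes that an empty <code>regions</code> list places no restriction, and the request dictionary and function names are hypothetical.</p>

```python
import ipaddress


def parse_subnets(cidrs):
    """Parse `ipSubnetworks`; a block whose host bits are not zero
    (for example "192.0.2.1/24") raises ValueError, i.e. is malformed."""
    return [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]


def condition_holds(condition, request):
    """AND over the fields modelled here; an empty list adds no restriction."""
    subnets = parse_subnets(condition.get("ipSubnetworks", []))
    address = ipaddress.ip_address(request["ip"])
    checks = [
        # The originating IP must fall in one of the listed subnets.
        not subnets or any(address in net for net in subnets),
        # The caller must be one of the listed user or service accounts.
        not condition.get("members") or request["member"] in condition["members"],
        # Assumption: an empty `regions` list is unrestricted, like the other lists.
        not condition.get("regions") or request["region"] in condition["regions"],
        # Every referenced access level must already be granted to the request.
        set(condition.get("requiredAccessLevels", [])) <= set(request["granted_levels"]),
    ]
    return all(checks)


def basic_level_granted(basic, request):
    """Combine the per-Condition results with `combiningFunction` (default AND)."""
    results = [condition_holds(c, request) for c in basic["conditions"]]
    if basic.get("combiningFunction", "AND") == "OR":
        return any(results)
    return all(results)


# Constructed sample BasicLevel and requests (not taken from a real access policy).
BASIC = {
    "combiningFunction": "OR",
    "conditions": [
        {"ipSubnetworks": ["192.0.2.0/24", "2001:db8::/32"], "regions": ["DE"]},
        {"members": ["serviceAccount:my-other-app@appspot.gserviceaccount.com"]},
    ],
}
OFFICE_USER = {
    "ip": "192.0.2.55",
    "region": "DE",
    "member": "user:alice@example.com",
    "granted_levels": [],
}
REMOTE_SERVICE = {
    "ip": "198.51.100.7",
    "region": "US",
    "member": "serviceAccount:my-other-app@appspot.gserviceaccount.com",
    "granted_levels": [],
}

if __name__ == "__main__":
    print("office user:", basic_level_granted(BASIC, OFFICE_USER))
    print("remote service:", basic_level_granted(BASIC, REMOTE_SERVICE))
```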
<div class="method">
    <code class="details" id="exportAssets">exportAssets(parent, body=None, x__xgafv=None)</code>
  <pre>Exports assets with time and resource types to a given Cloud Storage
location. The output format is newline-delimited JSON. Each line represents
a google.cloud.asset.v1.Asset in the JSON format.
This API implements the google.longrunning.Operation API allowing you
to keep track of the export. We recommend intervals of at least 2 seconds
with exponential retry to poll the export operation result. For a
regular-size resource parent, the export operation usually finishes within
5 minutes.

Args:
  parent: string, Required. The relative name of the root asset. This can only be an
organization number (such as &quot;organizations/123&quot;), a project ID (such as
&quot;projects/my-project-id&quot;), a project number (such as &quot;projects/12345&quot;),
or a folder number (such as &quot;folders/123&quot;). (required)
  body: object, The request body.
    The object takes the form of:

{ # Export asset request.
  &quot;assetTypes&quot;: [ # A list of asset types to take a snapshot for. Example:
      # &quot;compute.googleapis.com/Disk&quot;. If specified, only matching assets will be
      # returned. See [Introduction to Cloud Asset
      # Inventory](https://cloud.google.com/asset-inventory/docs/overview)
      # for all supported asset types.
    &quot;A String&quot;,
  ],
  &quot;readTime&quot;: &quot;A String&quot;, # Timestamp to take an asset snapshot. This can only be set to a timestamp
      # between the current time and the current time minus 35 days (inclusive).
      # If not specified, the current time will be used. Due to delays in resource
      # data collection and indexing, there is a volatile window during which
      # running the same query may get different results.
  &quot;contentType&quot;: &quot;A String&quot;, # Asset content type. If not specified, no content but the asset name will be
      # returned.
  &quot;outputConfig&quot;: { # Output configuration for export assets destination. # Required. Output configuration indicating where the results will be output
      # to. All results will be in newline delimited JSON format.
    &quot;bigqueryDestination&quot;: { # A BigQuery destination. # Destination on BigQuery. The output table stores the fields in asset
        # proto as columns in BigQuery. The resource/iam_policy field is converted
        # to a record with each field to a column, except metadata to a single JSON
        # string.
      &quot;dataset&quot;: &quot;A String&quot;, # Required. The BigQuery dataset in format
          # &quot;projects/projectId/datasets/datasetId&quot;, to which the snapshot result
          # should be exported. If this dataset does not exist, the export call returns
          # an INVALID_ARGUMENT error.
      &quot;force&quot;: True or False, # If the destination table already exists and this flag is `TRUE`, the
          # table will be overwritten by the contents of assets snapshot. If the flag
          # is `FALSE` or unset and the destination table already exists, the export
          # call returns an INVALID_ARGUMENT error.
      &quot;table&quot;: &quot;A String&quot;, # Required. The BigQuery table to which the snapshot result should be
          # written. If this table does not exist, a new table with the given name
          # will be created.
    },
    &quot;gcsDestination&quot;: { # A Cloud Storage location. # Destination on Cloud Storage.
      &quot;uriPrefix&quot;: &quot;A String&quot;, # The uri prefix of all generated Cloud Storage objects. Example:
          # &quot;gs://bucket_name/object_name_prefix&quot;. Each object uri is in format:
          # &quot;gs://bucket_name/object_name_prefix/&lt;asset type&gt;/&lt;shard number&gt;&quot; and only
          # contains assets for that type. &lt;shard number&gt; starts from 0. Example:
          # &quot;gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0&quot; is
          # the first shard of output objects containing all
          # compute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be
          # returned if a file with the same name &quot;gs://bucket_name/object_name_prefix&quot;
          # already exists.
      &quot;uri&quot;: &quot;A String&quot;, # The uri of the Cloud Storage object. It&#x27;s the same uri that is used by
          # gsutil. Example: &quot;gs://bucket_name/object_name&quot;. See [Viewing and
          # Editing Object
          # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
          # for more information.
    },
  },
}

  x__xgafv: string, V1 error format.
1062 Allowed values
1063 1 - v1 error format
1064 2 - v2 error format
1065
1066Returns:
1067 An object of the form:
1068
1069 { # This resource represents a long-running operation that is the result of a
1070 # network API call.
1071 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
1072 # different programming environments, including REST APIs and RPC APIs. It is
1073 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
1074 # three pieces of data: error code, error message, and error details.
1075 #
1076 # You can find out more about this error model and how to work with it in the
1077 # [API Design Guide](https://cloud.google.com/apis/design/errors).
1078 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
1079 # user-facing error message should be localized and sent in the
1080 # google.rpc.Status.details field, or localized by the client.
1081 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
1082 # message types for APIs to use.
1083 {
1084 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1085 },
1086 ],
1087 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
1088 },
1089 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
1090 # contains progress information and common metadata such as create time.
1091 # Some services might not provide such metadata. Any method that returns a
1092 # long-running operation should document the metadata type, if any.
1093 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1094 },
1095 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
1096 # If `true`, the operation is completed, and either `error` or `response` is
1097 # available.
1098 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
1099 # method returns no data on success, such as `Delete`, the response is
1100 # `google.protobuf.Empty`. If the original method is standard
1101 # `Get`/`Create`/`Update`, the response should be the resource. For other
1102 # methods, the response should have the type `XxxResponse`, where `Xxx`
1103 # is the original method name. For example, if the original method name
1104 # is `TakeSnapshot()`, the inferred response type is
1105 # `TakeSnapshotResponse`.
1106 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
1107 },
1108 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
1109 # originally returns it. If you use the default HTTP mapping, the
1110 # `name` should be a resource name ending with `operations/{unique_id}`.
1111 }</pre>
1112</div>
1113
1114<div class="method">
1115 <code class="details" id="searchAllIamPolicies">searchAllIamPolicies(scope, pageToken=None, pageSize=None, query=None, x__xgafv=None)</code>
1116 <pre>Searches all the IAM policies within the given accessible scope (e.g., a
1117project, a folder or an organization). Callers should have
1118cloud.assets.SearchAllIamPolicies permission upon the requested scope,
1119otherwise the request will be rejected.
1120
1121Args:
1122 scope: string, Required. A scope can be a project, a folder or an organization. The search is
1123limited to the IAM policies within the `scope`.
1124
1125The allowed values are:
1126
1127* projects/{PROJECT_ID}
1128* projects/{PROJECT_NUMBER}
1129* folders/{FOLDER_NUMBER}
1130* organizations/{ORGANIZATION_NUMBER} (required)
1131 pageToken: string, Optional. If present, retrieve the next batch of results from the preceding call to
1132this method. `page_token` must be the value of `next_page_token` from the
1133previous response. The values of all other method parameters must be
1134identical to those in the previous call.
1135 pageSize: integer, Optional. The page size for search result pagination. Page size is capped at 500 even
1136if a larger value is given. If set to zero, server will pick an appropriate
1137default. Returned results may be fewer than requested. When this happens,
1138there could be more results as long as `next_page_token` is returned.
1139 query: string, Optional. The query statement. An empty query can be specified to search all the IAM
1140policies within the given `scope`.
1141
1142Examples:
1143
1144* `policy : &quot;amy@gmail.com&quot;` to find Cloud IAM policy bindings that
1145 specify user &quot;amy@gmail.com&quot;.
1146* `policy : &quot;roles/compute.admin&quot;` to find Cloud IAM policy bindings that
1147 specify the Compute Admin role.
1148* `policy.role.permissions : &quot;storage.buckets.update&quot;` to find Cloud IAM
1149 policy bindings that specify a role containing &quot;storage.buckets.update&quot;
1150 permission.
1151* `resource : &quot;organizations/123&quot;` to find Cloud IAM policy bindings that
1152 are set on &quot;organizations/123&quot;.
1153* `(resource : (&quot;organizations/123&quot; OR &quot;folders/1234&quot;) AND policy : &quot;amy&quot;)`
1154 to find Cloud IAM policy bindings that are set on &quot;organizations/123&quot; or
1155 &quot;folders/1234&quot;, and also specify user &quot;amy&quot;.
1156
1157See [how to construct a
1158query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
1159for more details.
1160 x__xgafv: string, V1 error format.
1161 Allowed values
1162 1 - v1 error format
1163 2 - v2 error format
1164
1165Returns:
1166 An object of the form:
1167
1168 { # Search all IAM policies response.
1169 &quot;nextPageToken&quot;: &quot;A String&quot;, # Set if there are more results than those appearing in this response; to get
1170 # the next set of results, call this method again, using this value as the
1171 # `page_token`.
1172 &quot;results&quot;: [ # A list of IamPolicy that match the search query. Related information such
1173 # as the associated resource is returned along with the policy.
1174 { # A result of IAM Policy search, containing information of an IAM policy.
1175 &quot;resource&quot;: &quot;A String&quot;, # The full resource name of the resource associated with this IAM policy.
1176 # Example:
1177 # &quot;//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1&quot;.
1178 # See [Cloud Asset Inventory Resource Name
1179 # Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
1180 # for more information.
1181 #
1182 # To search against the `resource`:
1183 #
1184 # * use a field query. Example: `resource : &quot;organizations/123&quot;`
1185 &quot;explanation&quot;: { # Explanation about the IAM policy search result. # Explanation about the IAM policy search result. It contains additional
1186 # information to explain why the search result matches the query.
1187 &quot;matchedPermissions&quot;: { # The map from roles to their included permissions that match the
1188 # permission query (i.e., a query containing `policy.role.permissions:`).
1189 # Example: if query `policy.role.permissions : &quot;compute.disk.get&quot;`
1190 # matches a policy binding that contains owner role, the
1191 # matched_permissions will be {&quot;roles/owner&quot;: [&quot;compute.disk.get&quot;]}. The
1192 # roles can also be found in the returned `policy` bindings. Note that the
1193 # map is populated only for requests with permission queries.
1194 &quot;a_key&quot;: { # IAM permissions
1195 &quot;permissions&quot;: [ # A list of permissions. A sample permission string: &quot;compute.disk.get&quot;.
1196 &quot;A String&quot;,
1197 ],
1198 },
1199 },
1200 },
1201 &quot;project&quot;: &quot;A String&quot;, # The project that the associated GCP resource belongs to, in the form of
1202 # projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM
1203 # instance, Cloud Storage bucket), the project field will indicate the
1204 # project that contains the resource. If an IAM policy is set on a folder or
1205 # organization, the project field will be empty.
1206 #
1207 # To search against the `project`:
1208 #
1209 # * specify the `scope` field as this project in your search request.
1210 &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # The IAM policy directly set on the given resource. Note that the original
1211 # IAM policy can contain multiple bindings. This only contains the bindings
1212 # that match the given query. For queries that don&#x27;t contain a constraint on
1213 # policies (e.g., an empty query), this contains all the bindings.
1214 #
1215 # To search against the `policy` bindings:
1216 #
1217 # * use a field query, as following:
1218 # - query by the policy contained members. Example:
1219 # `policy : &quot;amy@gmail.com&quot;`
1220 # - query by the policy contained roles. Example:
1221 # `policy : &quot;roles/compute.admin&quot;`
1222 # - query by the policy contained roles&#x27; implied permissions. Example:
1223 # `policy.role.permissions : &quot;compute.instances.create&quot;`
1224 # controls for Google Cloud resources.
1225 #
1226 #
1227 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1228 # `members` to a single `role`. Members can be user accounts, service accounts,
1229 # Google groups, and domains (such as G Suite). A `role` is a named list of
1230 # permissions; each `role` can be an IAM predefined role or a user-created
1231 # custom role.
1232 #
1233 # For some types of Google Cloud resources, a `binding` can also specify a
1234 # `condition`, which is a logical expression that allows access to a resource
1235 # only if the expression evaluates to `true`. A condition can add constraints
1236 # based on attributes of the request, the resource, or both. To learn which
1237 # resources support conditions in their IAM policies, see the
1238 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1239 #
1240 # **JSON example:**
1241 #
1242 # {
1243 # &quot;bindings&quot;: [
1244 # {
1245 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1246 # &quot;members&quot;: [
1247 # &quot;user:mike@example.com&quot;,
1248 # &quot;group:admins@example.com&quot;,
1249 # &quot;domain:google.com&quot;,
1250 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
1251 # ]
1252 # },
1253 # {
1254 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1255 # &quot;members&quot;: [
1256 # &quot;user:eve@example.com&quot;
1257 # ],
1258 # &quot;condition&quot;: {
1259 # &quot;title&quot;: &quot;expirable access&quot;,
1260 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1261 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
1262 # }
1263 # }
1264 # ],
1265 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1266 # &quot;version&quot;: 3
1267 # }
1268 #
1269 # **YAML example:**
1270 #
1271 # bindings:
1272 # - members:
1273 # - user:mike@example.com
1274 # - group:admins@example.com
1275 # - domain:google.com
1276 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1277 # role: roles/resourcemanager.organizationAdmin
1278 # - members:
1279 # - user:eve@example.com
1280 # role: roles/resourcemanager.organizationViewer
1281 # condition:
1282 # title: expirable access
1283 # description: Does not grant access after Sep 2020
1284 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
1285 # - etag: BwWWja0YfJA=
1286 # - version: 3
1287 #
1288 # For a description of IAM and its features, see the
1289 # [IAM documentation](https://cloud.google.com/iam/docs/).
1290 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1291 # prevent simultaneous updates of a policy from overwriting each other.
1292 # It is strongly suggested that systems make use of the `etag` in the
1293 # read-modify-write cycle to perform policy updates in order to avoid race
1294 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1295 # systems are expected to put that etag in the request to `setIamPolicy` to
1296 # ensure that their change will be applied to the same version of the policy.
1297 #
1298 # **Important:** If you use IAM Conditions, you must include the `etag` field
1299 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1300 # you to overwrite a version `3` policy with a version `1` policy, and all of
1301 # the conditions in the version `3` policy are lost.
1302 &quot;version&quot;: 42, # Specifies the format of the policy.
1303 #
1304 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1305 # are rejected.
1306 #
1307 # Any operation that affects conditional role bindings must specify version
1308 # `3`. This requirement applies to the following operations:
1309 #
1310 # * Getting a policy that includes a conditional role binding
1311 # * Adding a conditional role binding to a policy
1312 # * Changing a conditional role binding in a policy
1313 # * Removing any role binding, with or without a condition, from a policy
1314 # that includes conditions
1315 #
1316 # **Important:** If you use IAM Conditions, you must include the `etag` field
1317 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1318 # you to overwrite a version `3` policy with a version `1` policy, and all of
1319 # the conditions in the version `3` policy are lost.
1320 #
1321 # If a policy does not include any conditions, operations on that policy may
1322 # specify any valid version or leave the field unset.
1323 #
1324 # To learn which resources support conditions in their IAM policies, see the
1325 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1326 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1327 { # Specifies the audit configuration for a service.
1328 # The configuration determines which permission types are logged, and what
1329 # identities, if any, are exempted from logging.
1330 # An AuditConfig must have one or more AuditLogConfigs.
1331 #
1332 # If there are AuditConfigs for both `allServices` and a specific service,
1333 # the union of the two AuditConfigs is used for that service: the log_types
1334 # specified in each AuditConfig are enabled, and the exempted_members in each
1335 # AuditLogConfig are exempted.
1336 #
1337 # Example Policy with multiple AuditConfigs:
1338 #
1339 # {
1340 # &quot;audit_configs&quot;: [
1341 # {
1342 # &quot;service&quot;: &quot;allServices&quot;
1343 # &quot;audit_log_configs&quot;: [
1344 # {
1345 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1346 # &quot;exempted_members&quot;: [
1347 # &quot;user:jose@example.com&quot;
1348 # ]
1349 # },
1350 # {
1351 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1352 # },
1353 # {
1354 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1355 # }
1356 # ]
1357 # },
1358 # {
1359 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1360 # &quot;audit_log_configs&quot;: [
1361 # {
1362 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1363 # },
1364 # {
1365 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1366 # &quot;exempted_members&quot;: [
1367 # &quot;user:aliya@example.com&quot;
1368 # ]
1369 # }
1370 # ]
1371 # }
1372 # ]
1373 # }
1374 #
1375 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1376 # logging. It also exempts jose@example.com from DATA_READ logging, and
1377 # aliya@example.com from DATA_WRITE logging.
1378 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1379 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1380 # `allServices` is a special value that covers all services.
1381 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1382 { # Provides the configuration for logging a type of permissions.
1383 # Example:
1384 #
1385 # {
1386 # &quot;audit_log_configs&quot;: [
1387 # {
1388 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1389 # &quot;exempted_members&quot;: [
1390 # &quot;user:jose@example.com&quot;
1391 # ]
1392 # },
1393 # {
1394 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1395 # }
1396 # ]
1397 # }
1398 #
1399 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1400 # jose@example.com from DATA_READ logging.
1401 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
1402 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1403 # permission.
1404 # Follows the same format of Binding.members.
1405 &quot;A String&quot;,
1406 ],
1407 },
1408 ],
1409 },
1410 ],
1411 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
1412 # `condition` that determines how and when the `bindings` are applied. Each
1413 # of the `bindings` must contain at least one member.
1414 { # Associates `members` with a `role`.
1415 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1416 # `members` can have the following values:
1417 #
1418 # * `allUsers`: A special identifier that represents anyone who is
1419 # on the internet; with or without a Google account.
1420 #
1421 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1422 # who is authenticated with a Google account or a service account.
1423 #
1424 # * `user:{emailid}`: An email address that represents a specific Google
1425 # account. For example, `alice@example.com` .
1426 #
1427 #
1428 # * `serviceAccount:{emailid}`: An email address that represents a service
1429 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1430 #
1431 # * `group:{emailid}`: An email address that represents a Google group.
1432 # For example, `admins@example.com`.
1433 #
1434 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1435 # identifier) representing a user that has been recently deleted. For
1436 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1437 # recovered, this value reverts to `user:{emailid}` and the recovered user
1438 # retains the role in the binding.
1439 #
1440 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1441 # unique identifier) representing a service account that has been recently
1442 # deleted. For example,
1443 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1444 # If the service account is undeleted, this value reverts to
1445 # `serviceAccount:{emailid}` and the undeleted service account retains the
1446 # role in the binding.
1447 #
1448 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1449 # identifier) representing a Google group that has been recently
1450 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1451 # the group is recovered, this value reverts to `group:{emailid}` and the
1452 # recovered group retains the role in the binding.
1453 #
1454 #
1455 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1456 # users of that domain. For example, `google.com` or `example.com`.
1457 #
1458 &quot;A String&quot;,
1459 ],
1460 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1461 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1462 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1463 #
1464 # If the condition evaluates to `true`, then this binding applies to the
1465 # current request.
1466 #
1467 # If the condition evaluates to `false`, then this binding does not apply to
1468 # the current request. However, a different role binding might grant the same
1469 # role to one or more of the members in this binding.
1470 #
1471 # To learn which resources support conditions in their IAM policies, see the
1472 # [IAM
1473 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1474 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1475 # are documented at https://github.com/google/cel-spec.
1476 #
1477 # Example (Comparison):
1478 #
1479 # title: &quot;Summary size limit&quot;
1480 # description: &quot;Determines if a summary is less than 100 chars&quot;
1481 # expression: &quot;document.summary.size() &lt; 100&quot;
1482 #
1483 # Example (Equality):
1484 #
1485 # title: &quot;Requestor is owner&quot;
1486 # description: &quot;Determines if requestor is the document owner&quot;
1487 # expression: &quot;document.owner == request.auth.claims.email&quot;
1488 #
1489 # Example (Logic):
1490 #
1491 # title: &quot;Public documents&quot;
1492 # description: &quot;Determine whether the document should be publicly visible&quot;
1493 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1494 #
1495 # Example (Data Manipulation):
1496 #
1497 # title: &quot;Notification string&quot;
1498 # description: &quot;Create a notification string with a timestamp.&quot;
1499 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1500 #
1501 # The exact variables and functions that may be referenced within an expression
1502 # are determined by the service that evaluates it. See the service
1503 # documentation for additional information.
1504 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1505 # its purpose. This can be used e.g. in UIs which allow to enter the
1506 # expression.
1507 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1508 # reporting, e.g. a file name and a position in the file.
1509 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1510 # describes the expression, e.g. when hovered over it in a UI.
1511 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1512 # syntax.
1513 },
1514 },
1515 ],
1516 },
1517 },
1518 ],
1519 }</pre>
1520</div>
1521
1522<div class="method">
1523 <code class="details" id="searchAllIamPolicies_next">searchAllIamPolicies_next(previous_request, previous_response)</code>
1524 <pre>Retrieves the next page of results.
1525
1526Args:
1527 previous_request: The request for the previous page. (required)
1528 previous_response: The response from the request for the previous page. (required)
1529
1530Returns:
1531 A request object that you can call &#x27;execute()&#x27; on to request the next
1532 page. Returns None if there are no more items in the collection.
1533 </pre>
1534</div>
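An added example, not part of the generated reference or the client library: it pages through `searchAllIamPolicies` with `searchAllIamPolicies_next` and flags bindings that grant a role to `allUsers`, `allAuthenticatedUsers` or a `deleted:` principal. `StubV1`, `SAMPLE_PAGES` and the resource names are constructed so the block runs offline; with the real client, pass `build("cloudasset", "v1").v1()` instead of the stub.

```python
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def iter_policy_results(v1, scope, query="", page_size=500):
    """Yield every search result, following pages until _next returns None.

    An empty query returns all bindings of every policy in scope, so the
    filtering below happens client-side.
    """
    request = v1.searchAllIamPolicies(scope=scope, query=query, pageSize=page_size)
    while request is not None:
        response = request.execute()
        yield from response.get("results", [])
        request = v1.searchAllIamPolicies_next(
            previous_request=request, previous_response=response)


def find_risky_bindings(v1, scope, query=""):
    """Return one finding per binding that has public or deleted members."""
    findings = []
    for result in iter_policy_results(v1, scope, query):
        for binding in result.get("policy", {}).get("bindings", []):
            members = binding.get("members", [])
            flagged = {
                "public": [m for m in members if m in PUBLIC_MEMBERS],
                "deleted-principal": [m for m in members if m.startswith("deleted:")],
            }
            for issue, hits in flagged.items():
                if hits:
                    findings.append({
                        "issue": issue,
                        "resource": result.get("resource", ""),
                        "role": binding.get("role", ""),
                        "members": hits,
                        # A CEL condition narrows the grant; report it for triage.
                        "condition": (binding.get("condition") or {}).get("expression"),
                    })
    return findings


# --- Constructed sample responses and an offline stand-in for the API ------
SAMPLE_PAGES = [
    {"nextPageToken": "constructed-token",
     "results": [{
         "resource": "//storage.googleapis.com/constructed-bucket",
         "project": "projects/123456",
         "policy": {"bindings": [
             {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
             {"role": "roles/storage.admin", "members": ["user:mike@example.com"]},
         ]}}]},
    {"results": [{
        "resource": "//cloudresourcemanager.googleapis.com/folders/1234",
        "project": "",
        "policy": {"bindings": [
            {"role": "roles/viewer", "members": [
                "group:admins@example.com",
                "deleted:serviceAccount:my-other-app@appspot.gserviceaccount.com"
                "?uid=123456789012345678901"]},
            {"role": "roles/resourcemanager.organizationViewer",
             "members": ["allAuthenticatedUsers"],
             "condition": {
                 "title": "expirable access",
                 "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"}},
        ]}}]},
]


class StubRequest:
    """Hypothetical request object: execute() returns one canned page."""

    def __init__(self, pages, index):
        self.pages, self.index = pages, index

    def execute(self):
        return self.pages[self.index]


class StubV1:
    """Hypothetical stand-in exposing the two documented method signatures."""

    def __init__(self, pages):
        self.pages = pages
        self.calls = []

    def searchAllIamPolicies(self, scope, pageToken=None, pageSize=None,
                             query=None, x__xgafv=None):
        self.calls.append({"scope": scope, "query": query, "pageSize": pageSize})
        return StubRequest(self.pages, 0)

    def searchAllIamPolicies_next(self, previous_request, previous_response):
        # Mirrors the documented contract: None when there are no more pages.
        if not previous_response.get("nextPageToken"):
            return None
        return StubRequest(self.pages, previous_request.index + 1)


if __name__ == "__main__":
    for finding in find_risky_bindings(StubV1(SAMPLE_PAGES), "organizations/123"):
        print(finding)
```

A finding with a non-empty `condition` is still public or stale; the expression only tells the reviewer when the grant applies.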
1535
1536<div class="method">
1537 <code class="details" id="searchAllResources">searchAllResources(scope, pageToken=None, pageSize=None, query=None, assetTypes=None, orderBy=None, x__xgafv=None)</code>
1538 <pre>Searches all the resources within the given accessible scope (e.g., a
1539project, a folder or an organization). Callers should have
1540cloud.assets.SearchAllResources permission upon the requested scope,
1541otherwise the request will be rejected.
1542
1543Args:
1544 scope: string, Required. A scope can be a project, a folder or an organization. The search is
1545limited to the resources within the `scope`.
1546
1547The allowed values are:
1548
1549* projects/{PROJECT_ID}
1550* projects/{PROJECT_NUMBER}
1551* folders/{FOLDER_NUMBER}
1552* organizations/{ORGANIZATION_NUMBER} (required)
1553 pageToken: string, Optional. If present, then retrieve the next batch of results from the preceding call
1554to this method. `page_token` must be the value of `next_page_token` from
1555the previous response. The values of all other method parameters must be
1556identical to those in the previous call.
1557 pageSize: integer, Optional. The page size for search result pagination. Page size is capped at 500 even
1558if a larger value is given. If set to zero, server will pick an appropriate
1559default. Returned results may be fewer than requested. When this happens,
1560there could be more results as long as `next_page_token` is returned.
1561 query: string, Optional. The query statement. An empty query can be specified to search all the
1562resources of certain `asset_types` within the given `scope`.
1563
1564Examples:
1565
1566* `name : &quot;Important&quot;` to find Cloud resources whose name contains
1567 &quot;Important&quot; as a word.
1568* `displayName : &quot;Impor*&quot;` to find Cloud resources whose display name
1569 contains &quot;Impor&quot; as a word prefix.
1570* `description : &quot;*por*&quot;` to find Cloud resources whose description
1571 contains &quot;por&quot; as a substring.
1572* `location : &quot;us-west*&quot;` to find Cloud resources whose location is
1573 prefixed with &quot;us-west&quot;.
1574* `labels : &quot;prod&quot;` to find Cloud resources whose labels contain &quot;prod&quot; as
1575 a key or value.
1576* `labels.env : &quot;prod&quot;` to find Cloud resources which have a label &quot;env&quot;
1577 and its value is &quot;prod&quot;.
1578* `labels.env : *` to find Cloud resources which have a label &quot;env&quot;.
1579* `&quot;Important&quot;` to find Cloud resources which contain &quot;Important&quot; as a word
1580 in any of the searchable fields.
1581* `&quot;Impor*&quot;` to find Cloud resources which contain &quot;Impor&quot; as a word prefix
1582 in any of the searchable fields.
1583* `&quot;*por*&quot;` to find Cloud resources which contain &quot;por&quot; as a substring in
1584 any of the searchable fields.
1585* `(&quot;Important&quot; AND location : (&quot;us-west1&quot; OR &quot;global&quot;))` to find Cloud
1586 resources which contain &quot;Important&quot; as a word in any of the searchable
1587 fields and are also located in the &quot;us-west1&quot; region or the &quot;global&quot;
1588 location.
1589
1590See [how to construct a
1591query](https://cloud.google.com/asset-inventory/docs/searching-resources#how_to_construct_a_query)
1592for more details.
1593 assetTypes: string, Optional. A list of asset types that this request searches for. If empty, it will
1594search all the [searchable asset
1595types](https://cloud.google.com/asset-inventory/docs/supported-asset-types#searchable_asset_types). (repeated)
1596 orderBy: string, Optional. A comma separated list of fields specifying the sorting order of the
1597results. The default order is ascending. Add &quot; DESC&quot; after the field name
1598to indicate descending order. Redundant space characters are ignored.
1599Example: &quot;location DESC, name&quot;. See [supported resource metadata
1600fields](https://cloud.google.com/asset-inventory/docs/searching-resources#query_on_resource_metadata_fields)
1601for more details.
1602 x__xgafv: string, V1 error format.
1603 Allowed values
1604 1 - v1 error format
1605 2 - v2 error format
1606
1607Returns:
1608 An object of the form:
1609
1610 { # Search all resources response.
1611 &quot;nextPageToken&quot;: &quot;A String&quot;, # If there are more results than those appearing in this response, then
1612 # `next_page_token` is included. To get the next set of results, call this
1613 # method again using the value of `next_page_token` as `page_token`.
1614 &quot;results&quot;: [ # A list of Resources that match the search query. It contains the resource
1615 # standard metadata information.
1616 { # A result of Resource Search, containing information of a cloud resource.
1617 &quot;labels&quot;: { # Labels associated with this resource. See [Labelling and grouping GCP
1618 # resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
1619 # for more information.
1620 #
1621 # To search against the `labels`:
1622 #
1623 # * use a field query, as following:
1624 # - query on any label&#x27;s key or value. Example: `labels : &quot;prod&quot;`
1625 # - query by a given label. Example: `labels.env : &quot;prod&quot;`
1626 # - query by a given label&#x27;s existence. Example: `labels.env : *`
1627 # * use a free text query. Example: `&quot;prod&quot;`
1628 &quot;a_key&quot;: &quot;A String&quot;,
1629 },
1630 &quot;name&quot;: &quot;A String&quot;, # The full resource name of this resource. Example:
1631 # &quot;//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1&quot;.
1632 # See [Cloud Asset Inventory Resource Name
1633 # Format](https://cloud.google.com/asset-inventory/docs/resource-name-format)
1634 # for more information.
1635 #
1636 # To search against the `name`:
1637 #
1638 # * use a field query. Example: `name : &quot;instance1&quot;`
1639 # * use a free text query. Example: `&quot;instance1&quot;`
1640 &quot;project&quot;: &quot;A String&quot;, # The project that this resource belongs to, in the form of
1641 # projects/{PROJECT_NUMBER}.
1642 #
1643 # To search against the `project`:
1644 #
1645 # * specify the `scope` field as this project in your search request.
1646 &quot;networkTags&quot;: [ # Network tags associated with this resource. Like labels, network tags are a
1647 # type of annotations used to group GCP resources. See [Labelling GCP
1648 # resources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)
1649 # for more information.
1650 #
1651 # To search against the `network_tags`:
1652 #
1653 # * use a field query. Example: `networkTags : &quot;internal&quot;`
1654 # * use a free text query. Example: `&quot;internal&quot;`
1655 &quot;A String&quot;,
1656 ],
1657 &quot;location&quot;: &quot;A String&quot;, # Location can be &quot;global&quot;, regional like &quot;us-east1&quot;, or zonal like
1658 # &quot;us-west1-b&quot;.
1659 #
1660 # To search against the `location`:
1661 #
1662 # * use a field query. Example: `location : &quot;us-west*&quot;`
1663 # * use a free text query. Example: `&quot;us-west*&quot;`
1664 &quot;assetType&quot;: &quot;A String&quot;, # The type of this resource. Example: &quot;compute.googleapis.com/Disk&quot;.
1665 #
1666 # To search against the `asset_type`:
1667 #
1668 # * specify the `asset_type` field in your search request.
1669 &quot;additionalAttributes&quot;: { # The additional attributes of this resource. The attributes may vary from
1670 # one resource type to another. Examples: &quot;projectId&quot; for Project,
1671 # &quot;dnsName&quot; for DNS ManagedZone.
1672 #
1673 # To search against the `additional_attributes`:
1674 #
1675 # * use a free text query to match the attributes values. Example: to search
1676 # additional_attributes = { dnsName: &quot;foobar&quot; }, you can issue a query
1677 # `&quot;foobar&quot;`.
1678 &quot;a_key&quot;: &quot;&quot;, # Properties of the object.
1679 },
1680 &quot;displayName&quot;: &quot;A String&quot;, # The display name of this resource.
1681 #
1682 # To search against the `display_name`:
1683 #
1684 # * use a field query. Example: `displayName : &quot;My Instance&quot;`
1685 # * use a free text query. Example: `&quot;My Instance&quot;`
1686 &quot;description&quot;: &quot;A String&quot;, # One or more paragraphs of text description of this resource. Maximum length
1687 # could be up to 1M bytes.
1688 #
1689 # To search against the `description`:
1690 #
1691 # * use a field query. Example: `description : &quot;*important instance*&quot;`
1692 # * use a free text query. Example: `&quot;*important instance*&quot;`
1693 },
1694 ],
1695 }</pre>
1696</div>
1697
1698<div class="method">
1699 <code class="details" id="searchAllResources_next">searchAllResources_next(previous_request, previous_response)</code>
1700 <pre>Retrieves the next page of results.
1701
1702Args:
1703 previous_request: The request for the previous page. (required)
1704 previous_response: The response from the request for the previous page. (required)
1705
1706Returns:
1707 A request object that you can call &#x27;execute()&#x27; on to request the next
1708 page. Returns None if there are no more items in the collection.
1709 </pre>
1710</div>
1711
1712</body></html>