Blame - docs/dyn/healthcare_v1.projects.locations.datasets.html - platform/external/python/google-api-python-client

<h1><a href="healthcare_v1.html">Cloud Healthcare API</a> . <a href="healthcare_v1.projects.html">projects</a> . <a href="healthcare_v1.projects.locations.html">locations</a> . <a href="healthcare_v1.projects.locations.datasets.html">datasets</a></h1>

76

<h2>Instance Methods</h2>

77

78

<code><a href="healthcare_v1.projects.locations.datasets.dicomStores.html">dicomStores()</a></code>

79

</p>

80

<p class="firstline">Returns the dicomStores Resource.</p>

81

82

83

<code><a href="healthcare_v1.projects.locations.datasets.fhirStores.html">fhirStores()</a></code>

84

</p>

85

<p class="firstline">Returns the fhirStores Resource.</p>

86

87

88

<code><a href="healthcare_v1.projects.locations.datasets.hl7V2Stores.html">hl7V2Stores()</a></code>

89

</p>

90

<p class="firstline">Returns the hl7V2Stores Resource.</p>

91

92

93

<code><a href="healthcare_v1.projects.locations.datasets.operations.html">operations()</a></code>

94

</p>

95

<p class="firstline">Returns the operations Resource.</p>

96

97

98

<code><a href="#create">create(parent, body=None, datasetId=None, x__xgafv=None)</a></code></p>

99

<p class="firstline">Creates a new health dataset. Results are returned through the</p>

100

101

<code><a href="#deidentify">deidentify(sourceDataset, body=None, x__xgafv=None)</a></code></p>

102

<p class="firstline">Creates a new dataset containing de-identified data from the source</p>

103

104

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

105

<p class="firstline">Deletes the specified health dataset and all data contained in the dataset.</p>

106

107

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

108

<p class="firstline">Gets any metadata associated with a dataset.</p>

109

110

<code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>

111

<p class="firstline">Gets the access control policy for a resource.</p>

112

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

113

<code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

114

<p class="firstline">Lists the health datasets in the current project.</p>

115

116

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

117

<p class="firstline">Retrieves the next page of results.</p>

118

119

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

120

<p class="firstline">Updates dataset metadata.</p>

121

122

<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

123

<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>

124

125

<code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>

126

<p class="firstline">Returns permissions that a caller has on the specified resource.</p>

127

<h3>Method Details</h3>

128

129

<code class="details" id="create">create(parent, body=None, datasetId=None, x__xgafv=None)</code>

130

<pre>Creates a new health dataset. Results are returned through the

131

Operation interface which returns either an

132

`Operation.response` which contains a Dataset or

133

`Operation.error`. The metadata

134

field type is OperationMetadata.

135

A Google Cloud Platform project can contain up to 500 datasets across all

regions.

Args:

parent: string, The name of the project where the server creates the dataset. For

140

example, `projects/{project_id}/locations/{location_id}`. (required)

141

body: object, The request body.

142

The object takes the form of:

143

144

{ # A message representing a health dataset.

145

#

146

# A health dataset represents a collection of healthcare data pertaining to one

147

# or more patients. This may include multiple modalities of healthcare data,

148

# such as electronic medical records or medical imaging data.

149

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

150

# time zone name such as "America/New_York" or empty, which defaults to UTC.

151

# This is used for parsing times in resources, such as HL7 messages, where no

152

# explicit timezone is specified.

153

"name": "A String", # Output only. Resource name of the dataset, of the form

154

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

155

}

156

157

datasetId: string, The ID of the dataset that is being created.

158

The string must match the following regex: `[\p{L}\p{N}_\-\.]{1,256}`.

159

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

166

167

{ # This resource represents a long-running operation that is the result of a

168

# network API call.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

169

"done": True or False, # If the value is `false`, it means the operation is still in progress.

170

# If `true`, the operation is completed, and either `error` or `response` is

171

# available.

172

"response": { # The normal response of the operation in case of success. If the original

173

# method returns no data on success, such as `Delete`, the response is

174

# `google.protobuf.Empty`. If the original method is standard

175

# `Get`/`Create`/`Update`, the response should be the resource. For other

176

# methods, the response should have the type `XxxResponse`, where `Xxx`

177

# is the original method name. For example, if the original method name

178

# is `TakeSnapshot()`, the inferred response type is

179

# `TakeSnapshotResponse`.

180

"a_key": "", # Properties of the object. Contains field @type with type URL.

181

},

182

"name": "A String", # The server-assigned name, which is only unique within the same service that

183

# originally returns it. If you use the default HTTP mapping, the

184

# `name` should be a resource name ending with `operations/{unique_id}`.

185

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

186

# different programming environments, including REST APIs and RPC APIs. It is

187

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

188

# three pieces of data: error code, error message, and error details.

189

#

190

# You can find out more about this error model and how to work with it in the

191

# [API Design Guide](https://cloud.google.com/apis/design/errors).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

192

"message": "A String", # A developer-facing error message, which should be in English. Any

193

# user-facing error message should be localized and sent in the

194

# google.rpc.Status.details field, or localized by the client.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

195

"details": [ # A list of messages that carry the error details. There is a common set of

196

# message types for APIs to use.

197

{

198

"a_key": "", # Properties of the object. Contains field @type with type URL.

199

},

200

],

201

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

202

},

203

"metadata": { # Service-specific metadata associated with the operation. It typically

204

# contains progress information and common metadata such as create time.

205

# Some services might not provide such metadata. Any method that returns a

206

# long-running operation should document the metadata type, if any.

207

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

}</pre>

</div>

<code class="details" id="deidentify">deidentify(sourceDataset, body=None, x__xgafv=None)</code>

214

<pre>Creates a new dataset containing de-identified data from the source

215

dataset. The metadata field type

216

is OperationMetadata.

217

If the request is successful, the

218

response field type is

219

DeidentifySummary.

220

If errors occur, error is set.

221

The LRO result may still be successful if de-identification fails for some

222

DICOM instances. The new de-identified dataset will not contain these

223

failed resources. Failed resource totals are tracked in

224

Operation.metadata.

225

Error details are also logged to Cloud Logging. For more information,

226

see [Viewing logs](/healthcare/docs/how-tos/logging).

227

228

Args:

229

sourceDataset: string, Source dataset resource name. For example,

230

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

231

body: object, The request body.

232

The object takes the form of:

233

234

{ # Redacts identifying information from the specified dataset.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

235

"destinationDataset": "A String", # The name of the dataset resource to create and write the redacted data to.

236

#

237

# * The destination dataset must not exist.

238

# * The destination dataset must be in the same project and location as the

239

# source dataset. De-identifying data across multiple projects or locations

240

# is not supported.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

241

"config": { # Configures de-id options specific to different types of content. # Deidentify configuration.

242

# Each submessage customizes the handling of an

243

# https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are

244

# applied in a nested manner at runtime.

245

"text": { # Configures de-identification of text wherever it is found in the

246

# source_dataset.

247

"transformations": [ # The transformations to apply to the detected data.

248

{ # A transformation to apply to text that is identified as a specific

249

# info_type.

250

"dateShiftConfig": { # Shift a date forward or backward in time by a random amount which is # Config for date shift.

251

# consistent for a given patient and crypto key combination.

252

"cryptoKey": "A String", # An AES 128/192/256 bit key. Causes the shift to be computed based on this

253

# key and the patient ID. A default key is generated for each

254

# Deidentify operation and is used wherever crypto_key is not specified.

255

},

256

"characterMaskConfig": { # Mask a string by replacing its characters with a fixed character. # Config for character mask.

257

"maskingCharacter": "A String", # Character to mask the sensitive values. If not supplied, defaults to "*".

258

},

259

"redactConfig": { # Define how to redact sensitive values. Default behaviour is erase. # Config for text redaction.

260

# For example, "My name is Jane." becomes "My name is ."

261

},

262

"infoTypes": [ # InfoTypes to apply this transformation to. If this is not specified, the

263

# transformation applies to any info_type.

264

"A String",

265

],

266

"replaceWithInfoTypeConfig": { # When using the # Config for replace with InfoType.

267

# INSPECT_AND_TRANSFORM

268

# action, each match is replaced with the name of the info_type. For example,

269

# "My name is Jane" becomes "My name is [PERSON_NAME]." The

270

# TRANSFORM

271

# action is equivalent to redacting.

272

},

273

"cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Config for crypto hash.

274

# Uses SHA-256.

275

# Outputs a base64-encoded representation of the hashed output

276

# (for example, `L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=`).

277

"cryptoKey": "A String", # An AES 128/192/256 bit key. Causes the hash to be computed based on this

278

# key. A default key is generated for each Deidentify operation and is used

279

# wherever crypto_key is not specified.

},

},

],

},

"dicom": { # Specifies the parameters needed for de-identification of DICOM stores. # Configures de-id of application/DICOM content.

285

"filterProfile": "A String", # Tag filtering profile that determines which tags to keep/remove.

286

"skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID,

287

# SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched.

288

# The Cloud Healthcare API regenerates these UIDs by default based on the

289

# DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly

290

# to an individual out of context, given access to the original images, or

291

# to a database of the original images containing the UIDs, it would be

292

# possible to recover the individual's identity."

293

# http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html

294

"keepList": { # List of tags to be filtered. # List of tags to keep. Remove all other tags.

295

"tags": [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta

296

# Elements, or Directory Structuring Elements, as defined at:

297

# http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,.

298

# They may be provided by "Keyword" or "Tag". For example "PatientID",

# "00100010".

"A String",

],

},

"removeList": { # List of tags to be filtered. # List of tags to remove. Keep all other tags.

304

"tags": [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta

305

# Elements, or Directory Structuring Elements, as defined at:

306

# http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,.

307

# They may be provided by "Keyword" or "Tag". For example "PatientID",

# "00100010".

"A String",

],

},

},

"fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.

314

"fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that

315

# is not matched by a FieldMetadata is passed through to the output

316

# dataset unmodified. All extensions are removed in the output.

317

{ # Specifies FHIR paths to match, and how to handle de-identification of

318

# matching fields.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

319

"paths": [ # List of paths to FHIR fields to be redacted. Each path is a

320

# period-separated list where each component is either a field name or

321

# FHIR type name, for example: Patient, HumanName.

322

# For "choice" types (those defined in the FHIR spec with the form:

323

# field[x]) we use two separate components. For example,

324

# "deceasedAge.unit" is matched by "Deceased.Age.unit".

325

# Supported types are: AdministrativeGenderCode, Code, Date, DateTime,

326

# Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid,

327

# Xhtml.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

328

# Base64Binary is also supported, but may only be kept as-is or have all

329

# the content removed.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

330

"A String",

331

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

332

"action": "A String", # Deidentify action for one field.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

],

},

"image": { # Specifies how to handle de-identification of image pixels. # Configures de-identification of image pixels wherever they are found in the

337

# source_dataset.

338

"textRedactionMode": "A String", # Determines how to redact text from image.

339

},

340

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

341

}

342

343

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

350

351

{ # This resource represents a long-running operation that is the result of a

352

# network API call.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

353

"done": True or False, # If the value is `false`, it means the operation is still in progress.

354

# If `true`, the operation is completed, and either `error` or `response` is

355

# available.

356

"response": { # The normal response of the operation in case of success. If the original

357

# method returns no data on success, such as `Delete`, the response is

358

# `google.protobuf.Empty`. If the original method is standard

359

# `Get`/`Create`/`Update`, the response should be the resource. For other

360

# methods, the response should have the type `XxxResponse`, where `Xxx`

361

# is the original method name. For example, if the original method name

362

# is `TakeSnapshot()`, the inferred response type is

363

# `TakeSnapshotResponse`.

364

"a_key": "", # Properties of the object. Contains field @type with type URL.

365

},

366

"name": "A String", # The server-assigned name, which is only unique within the same service that

367

# originally returns it. If you use the default HTTP mapping, the

368

# `name` should be a resource name ending with `operations/{unique_id}`.

369

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

370

# different programming environments, including REST APIs and RPC APIs. It is

371

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

372

# three pieces of data: error code, error message, and error details.

373

#

374

# You can find out more about this error model and how to work with it in the

375

# [API Design Guide](https://cloud.google.com/apis/design/errors).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

376

"message": "A String", # A developer-facing error message, which should be in English. Any

377

# user-facing error message should be localized and sent in the

378

# google.rpc.Status.details field, or localized by the client.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

379

"details": [ # A list of messages that carry the error details. There is a common set of

380

# message types for APIs to use.

381

{

382

"a_key": "", # Properties of the object. Contains field @type with type URL.

383

},

384

],

385

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

386

},

387

"metadata": { # Service-specific metadata associated with the operation. It typically

388

# contains progress information and common metadata such as create time.

389

# Some services might not provide such metadata. Any method that returns a

390

# long-running operation should document the metadata type, if any.

391

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

},

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

398

<pre>Deletes the specified health dataset and all data contained in the dataset.

399

Deleting a dataset does not affect the sources from which the dataset was

imported (if any).

Args:

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

405

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

412

413

{ # A generic empty message that you can re-use to avoid defining duplicated

414

# empty messages in your APIs. A typical example is to use it as the request

415

# or the response type of an API method. For instance:

416

#

417

# service Foo {

418

# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);

419

# }

420

#

421

# The JSON representation for `Empty` is empty JSON object `{}`.

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

427

<pre>Gets any metadata associated with a dataset.

Args:

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

432

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

439

440

{ # A message representing a health dataset.

441

#

442

# A health dataset represents a collection of healthcare data pertaining to one

443

# or more patients. This may include multiple modalities of healthcare data,

444

# such as electronic medical records or medical imaging data.

445

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

446

# time zone name such as "America/New_York" or empty, which defaults to UTC.

447

# This is used for parsing times in resources, such as HL7 messages, where no

448

# explicit timezone is specified.

449

"name": "A String", # Output only. Resource name of the dataset, of the form

450

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

}</pre>

</div>

<code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>

456

<pre>Gets the access control policy for a resource.

457

Returns an empty policy if the resource exists and does not have a policy

set.

Args:

resource: string, REQUIRED: The resource for which the policy is being requested.

462

See the operation documentation for the appropriate value for this field. (required)

463

options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.

464

465

Valid values are 0, 1, and 3. Requests specifying an invalid value will be

466

rejected.

467

468

Requests for policies with any conditional bindings must specify version 3.

469

Policies without any conditional bindings may specify any valid value or

470

leave the field unset.

471

472

To learn which resources support conditions in their IAM policies, see the

473

[IAM

474

documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

475

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

482

483

{ # An Identity and Access Management (IAM) policy, which specifies access

484

# controls for Google Cloud resources.

485

#

486

#

487

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

488

# `members` to a single `role`. Members can be user accounts, service accounts,

489

# Google groups, and domains (such as G Suite). A `role` is a named list of

490

# permissions; each `role` can be an IAM predefined role or a user-created

491

# custom role.

492

#

493

# For some types of Google Cloud resources, a `binding` can also specify a

494

# `condition`, which is a logical expression that allows access to a resource

495

# only if the expression evaluates to `true`. A condition can add constraints

496

# based on attributes of the request, the resource, or both. To learn which

497

# resources support conditions in their IAM policies, see the

498

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

506

# "members": [

507

# "user:mike@example.com",

508

# "group:admins@example.com",

509

# "domain:google.com",

510

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

515

# "members": [

516

# "user:eve@example.com"

517

# ],

518

# "condition": {

519

# "title": "expirable access",

520

# "description": "Does not grant access after Sep 2020",

521

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

534

# - group:admins@example.com

535

# - domain:google.com

536

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

537

# role: roles/resourcemanager.organizationAdmin

538

# - members:

539

# - user:eve@example.com

540

# role: roles/resourcemanager.organizationViewer

541

# condition:

542

# title: expirable access

543

# description: Does not grant access after Sep 2020

544

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

545

# - etag: BwWWja0YfJA=

546

# - version: 3

547

#

548

# For a description of IAM and its features, see the

549

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

550

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

551

# `condition` that determines how and when the `bindings` are applied. Each

552

# of the `bindings` must contain at least one member.

553

{ # Associates `members` with a `role`.

554

"role": "A String", # Role that is assigned to `members`.

555

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

556

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

557

#

558

# If the condition evaluates to `true`, then this binding applies to the

559

# current request.

560

#

561

# If the condition evaluates to `false`, then this binding does not apply to

562

# the current request. However, a different role binding might grant the same

563

# role to one or more of the members in this binding.

564

#

565

# To learn which resources support conditions in their IAM policies, see the

566

# [IAM

567

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

568

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

569

# are documented at https://github.com/google/cel-spec.

570

#

571

# Example (Comparison):

572

#

573

# title: "Summary size limit"

574

# description: "Determines if a summary is less than 100 chars"

575

# expression: "document.summary.size() < 100"

576

#

577

# Example (Equality):

578

#

579

# title: "Requestor is owner"

580

# description: "Determines if requestor is the document owner"

581

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

586

# description: "Determine whether the document should be publicly visible"

587

# expression: "document.type != 'private' && document.type != 'internal'"

588

#

589

# Example (Data Manipulation):

590

#

591

# title: "Notification string"

592

# description: "Create a notification string with a timestamp."

593

# expression: "'New message received at ' + string(document.create_time)"

594

#

595

# The exact variables and functions that may be referenced within an expression

596

# are determined by the service that evaluates it. See the service

597

# documentation for additional information.

598

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

599

# its purpose. This can be used e.g. in UIs which allow to enter the

600

# expression.

601

"location": "A String", # Optional. String indicating the location of the expression for error

602

# reporting, e.g. a file name and a position in the file.

603

"description": "A String", # Optional. Description of the expression. This is a longer text which

604

# describes the expression, e.g. when hovered over it in a UI.

605

"expression": "A String", # Textual representation of an expression in Common Expression Language

606

# syntax.

607

},

608

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

609

# `members` can have the following values:

610

#

611

# * `allUsers`: A special identifier that represents anyone who is

612

# on the internet; with or without a Google account.

613

#

614

# * `allAuthenticatedUsers`: A special identifier that represents anyone

615

# who is authenticated with a Google account or a service account.

616

#

617

# * `user:{emailid}`: An email address that represents a specific Google

618

# account. For example, `alice@example.com` .

619

#

620

#

621

# * `serviceAccount:{emailid}`: An email address that represents a service

622

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

623

#

624

# * `group:{emailid}`: An email address that represents a Google group.

625

# For example, `admins@example.com`.

626

#

627

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

628

# identifier) representing a user that has been recently deleted. For

629

# example, `alice@example.com?uid=123456789012345678901`. If the user is

630

# recovered, this value reverts to `user:{emailid}` and the recovered user

631

# retains the role in the binding.

632

#

633

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

634

# unique identifier) representing a service account that has been recently

635

# deleted. For example,

636

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

637

# If the service account is undeleted, this value reverts to

638

# `serviceAccount:{emailid}` and the undeleted service account retains the

639

# role in the binding.

640

#

641

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

642

# identifier) representing a Google group that has been recently

643

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

644

# the group is recovered, this value reverts to `group:{emailid}` and the

645

# recovered group retains the role in the binding.

646

#

647

#

648

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

649

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

},

],

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

656

# prevent simultaneous updates of a policy from overwriting each other.

657

# It is strongly suggested that systems make use of the `etag` in the

658

# read-modify-write cycle to perform policy updates in order to avoid race

659

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

660

# systems are expected to put that etag in the request to `setIamPolicy` to

661

# ensure that their change will be applied to the same version of the policy.

662

#

663

# **Important:** If you use IAM Conditions, you must include the `etag` field

664

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

665

# you to overwrite a version `3` policy with a version `1` policy, and all of

666

# the conditions in the version `3` policy are lost.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

667

"version": 42, # Specifies the format of the policy.

668

#

669

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

670

# are rejected.

671

#

672

# Any operation that affects conditional role bindings must specify version

673

# `3`. This requirement applies to the following operations:

674

#

675

# * Getting a policy that includes a conditional role binding

676

# * Adding a conditional role binding to a policy

677

# * Changing a conditional role binding in a policy

678

# * Removing any role binding, with or without a condition, from a policy

679

# that includes conditions

680

#

681

# **Important:** If you use IAM Conditions, you must include the `etag` field

682

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

683

# you to overwrite a version `3` policy with a version `1` policy, and all of

684

# the conditions in the version `3` policy are lost.

685

#

686

# If a policy does not include any conditions, operations on that policy may

687

# specify any valid version or leave the field unset.

688

#

689

# To learn which resources support conditions in their IAM policies, see the

690

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

691

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

692

{ # Specifies the audit configuration for a service.

693

# The configuration determines which permission types are logged, and what

694

# identities, if any, are exempted from logging.

695

# An AuditConfig must have one or more AuditLogConfigs.

696

#

697

# If there are AuditConfigs for both `allServices` and a specific service,

698

# the union of the two AuditConfigs is used for that service: the log_types

699

# specified in each AuditConfig are enabled, and the exempted_members in each

700

# AuditLogConfig are exempted.

701

#

702

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices"

708

# "audit_log_configs": [

709

# {

710

# "log_type": "DATA_READ",

711

# "exempted_members": [

712

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

717

# },

718

# {

719

# "log_type": "ADMIN_READ",

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com"

725

# "audit_log_configs": [

726

# {

727

# "log_type": "DATA_READ",

728

# },

729

# {

730

# "log_type": "DATA_WRITE",

731

# "exempted_members": [

732

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

741

# logging. It also exempts jose@example.com from DATA_READ logging, and

742

# aliya@example.com from DATA_WRITE logging.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

743

"auditLogConfigs": [ # The configuration for logging of each type of permission.

744

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

749

# {

750

# "log_type": "DATA_READ",

751

# "exempted_members": [

752

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

762

# jose@example.com from DATA_READ logging.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

763

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

764

# permission.

765

# Follows the same format of Binding.members.

766

"A String",

767

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

768

"logType": "A String", # The log type that this config enables.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

769

},

770

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

771

"service": "A String", # Specifies a service that will be enabled for audit logging.

772

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

773

# `allServices` is a special value that covers all services.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

774

},

775

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

780

<code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code>

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

781

<pre>Lists the health datasets in the current project.

782

783

Args:

784

parent: string, The name of the project whose datasets should be listed.

785

For example, `projects/{project_id}/locations/{location_id}`. (required)

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

786

pageToken: string, The next_page_token value returned from a previous List request, if any.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

787

pageSize: integer, The maximum number of items to return. Capped to 100 if not specified.

788

May not be larger than 1000.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

789

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

796

797

{ # Lists the available datasets.

798

"datasets": [ # The first page of datasets.

799

{ # A message representing a health dataset.

800

#

801

# A health dataset represents a collection of healthcare data pertaining to one

802

# or more patients. This may include multiple modalities of healthcare data,

803

# such as electronic medical records or medical imaging data.

804

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

805

# time zone name such as "America/New_York" or empty, which defaults to UTC.

806

# This is used for parsing times in resources, such as HL7 messages, where no

807

# explicit timezone is specified.

808

"name": "A String", # Output only. Resource name of the dataset, of the form

809

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

810

},

811

],

812

"nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no

813

# more results in the list.

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

819

<pre>Retrieves the next page of results.

820

821

Args:

822

previous_request: The request for the previous page. (required)

823

previous_response: The response from the request for the previous page. (required)

824

825

Returns:

826

A request object that you can call 'execute()' on to request the next

827

page. Returns None if there are no more items in the collection.

</pre>

</div>

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

833

<pre>Updates dataset metadata.

Args:

`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)

838

body: object, The request body.

839

The object takes the form of:

840

841

{ # A message representing a health dataset.

842

#

843

# A health dataset represents a collection of healthcare data pertaining to one

844

# or more patients. This may include multiple modalities of healthcare data,

845

# such as electronic medical records or medical imaging data.

846

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

847

# time zone name such as "America/New_York" or empty, which defaults to UTC.

848

# This is used for parsing times in resources, such as HL7 messages, where no

849

# explicit timezone is specified.

850

"name": "A String", # Output only. Resource name of the dataset, of the form

851

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

852

}

853

854

updateMask: string, The update mask applies to the resource. For the `FieldMask` definition,

855

see

856

https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

857

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

864

865

{ # A message representing a health dataset.

866

#

867

# A health dataset represents a collection of healthcare data pertaining to one

868

# or more patients. This may include multiple modalities of healthcare data,

869

# such as electronic medical records or medical imaging data.

870

"timeZone": "A String", # The default timezone used by this dataset. Must be a either a valid IANA

871

# time zone name such as "America/New_York" or empty, which defaults to UTC.

872

# This is used for parsing times in resources, such as HL7 messages, where no

873

# explicit timezone is specified.

874

"name": "A String", # Output only. Resource name of the dataset, of the form

875

# `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.

}</pre>

</div>

<code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>

881

<pre>Sets the access control policy on the specified resource. Replaces any

882

existing policy.

883

884

Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

885

886

Args:

887

resource: string, REQUIRED: The resource for which the policy is being specified.

888

See the operation documentation for the appropriate value for this field. (required)

889

body: object, The request body.

890

The object takes the form of:

891

892

{ # Request message for `SetIamPolicy` method.

893

"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of

894

# the policy is limited to a few 10s of KB. An empty policy is a

895

# valid policy but certain Cloud Platform services (such as Projects)

896

# might reject them.

897

# controls for Google Cloud resources.

898

#

899

#

900

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

901

# `members` to a single `role`. Members can be user accounts, service accounts,

902

# Google groups, and domains (such as G Suite). A `role` is a named list of

903

# permissions; each `role` can be an IAM predefined role or a user-created

904

# custom role.

905

#

906

# For some types of Google Cloud resources, a `binding` can also specify a

907

# `condition`, which is a logical expression that allows access to a resource

908

# only if the expression evaluates to `true`. A condition can add constraints

909

# based on attributes of the request, the resource, or both. To learn which

910

# resources support conditions in their IAM policies, see the

911

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

919

# "members": [

920

# "user:mike@example.com",

921

# "group:admins@example.com",

922

# "domain:google.com",

923

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

928

# "members": [

929

# "user:eve@example.com"

930

# ],

931

# "condition": {

932

# "title": "expirable access",

933

# "description": "Does not grant access after Sep 2020",

934

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

947

# - group:admins@example.com

948

# - domain:google.com

949

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

950

# role: roles/resourcemanager.organizationAdmin

951

# - members:

952

# - user:eve@example.com

953

# role: roles/resourcemanager.organizationViewer

954

# condition:

955

# title: expirable access

956

# description: Does not grant access after Sep 2020

957

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

958

# - etag: BwWWja0YfJA=

959

# - version: 3

960

#

961

# For a description of IAM and its features, see the

962

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

963

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

964

# `condition` that determines how and when the `bindings` are applied. Each

965

# of the `bindings` must contain at least one member.

966

{ # Associates `members` with a `role`.

967

"role": "A String", # Role that is assigned to `members`.

968

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

969

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

970

#

971

# If the condition evaluates to `true`, then this binding applies to the

972

# current request.

973

#

974

# If the condition evaluates to `false`, then this binding does not apply to

975

# the current request. However, a different role binding might grant the same

976

# role to one or more of the members in this binding.

977

#

978

# To learn which resources support conditions in their IAM policies, see the

979

# [IAM

980

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

981

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

982

# are documented at https://github.com/google/cel-spec.

983

#

984

# Example (Comparison):

985

#

986

# title: "Summary size limit"

987

# description: "Determines if a summary is less than 100 chars"

988

# expression: "document.summary.size() < 100"

989

#

990

# Example (Equality):

991

#

992

# title: "Requestor is owner"

993

# description: "Determines if requestor is the document owner"

994

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

999

# description: "Determine whether the document should be publicly visible"

1000

# expression: "document.type != 'private' && document.type != 'internal'"

1001

#

1002

# Example (Data Manipulation):

1003

#

1004

# title: "Notification string"

1005

# description: "Create a notification string with a timestamp."

1006

# expression: "'New message received at ' + string(document.create_time)"

1007

#

1008

# The exact variables and functions that may be referenced within an expression

1009

# are determined by the service that evaluates it. See the service

1010

# documentation for additional information.

1011

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1012

# its purpose. This can be used e.g. in UIs which allow to enter the

1013

# expression.

1014

"location": "A String", # Optional. String indicating the location of the expression for error

1015

# reporting, e.g. a file name and a position in the file.

1016

"description": "A String", # Optional. Description of the expression. This is a longer text which

1017

# describes the expression, e.g. when hovered over it in a UI.

1018

"expression": "A String", # Textual representation of an expression in Common Expression Language

1019

# syntax.

1020

},

1021

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1022

# `members` can have the following values:

1023

#

1024

# * `allUsers`: A special identifier that represents anyone who is

1025

# on the internet; with or without a Google account.

1026

#

1027

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1028

# who is authenticated with a Google account or a service account.

1029

#

1030

# * `user:{emailid}`: An email address that represents a specific Google

1031

# account. For example, `alice@example.com` .

1032

#

1033

#

1034

# * `serviceAccount:{emailid}`: An email address that represents a service

1035

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1036

#

1037

# * `group:{emailid}`: An email address that represents a Google group.

1038

# For example, `admins@example.com`.

1039

#

1040

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1041

# identifier) representing a user that has been recently deleted. For

1042

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1043

# recovered, this value reverts to `user:{emailid}` and the recovered user

1044

# retains the role in the binding.

1045

#

1046

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1047

# unique identifier) representing a service account that has been recently

1048

# deleted. For example,

1049

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1050

# If the service account is undeleted, this value reverts to

1051

# `serviceAccount:{emailid}` and the undeleted service account retains the

1052

# role in the binding.

1053

#

1054

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1055

# identifier) representing a Google group that has been recently

1056

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1057

# the group is recovered, this value reverts to `group:{emailid}` and the

1058

# recovered group retains the role in the binding.

1059

#

1060

#

1061

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1062

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

},

],

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1069

# prevent simultaneous updates of a policy from overwriting each other.

1070

# It is strongly suggested that systems make use of the `etag` in the

1071

# read-modify-write cycle to perform policy updates in order to avoid race

1072

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1073

# systems are expected to put that etag in the request to `setIamPolicy` to

1074

# ensure that their change will be applied to the same version of the policy.

1075

#

1076

# **Important:** If you use IAM Conditions, you must include the `etag` field

1077

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1078

# you to overwrite a version `3` policy with a version `1` policy, and all of

1079

# the conditions in the version `3` policy are lost.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1080

"version": 42, # Specifies the format of the policy.

1081

#

1082

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1083

# are rejected.

1084

#

1085

# Any operation that affects conditional role bindings must specify version

1086

# `3`. This requirement applies to the following operations:

1087

#

1088

# * Getting a policy that includes a conditional role binding

1089

# * Adding a conditional role binding to a policy

1090

# * Changing a conditional role binding in a policy

1091

# * Removing any role binding, with or without a condition, from a policy

1092

# that includes conditions

1093

#

1094

# **Important:** If you use IAM Conditions, you must include the `etag` field

1095

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1096

# you to overwrite a version `3` policy with a version `1` policy, and all of

1097

# the conditions in the version `3` policy are lost.

1098

#

1099

# If a policy does not include any conditions, operations on that policy may

1100

# specify any valid version or leave the field unset.

1101

#

1102

# To learn which resources support conditions in their IAM policies, see the

1103

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1104

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1105

{ # Specifies the audit configuration for a service.

1106

# The configuration determines which permission types are logged, and what

1107

# identities, if any, are exempted from logging.

1108

# An AuditConfig must have one or more AuditLogConfigs.

1109

#

1110

# If there are AuditConfigs for both `allServices` and a specific service,

1111

# the union of the two AuditConfigs is used for that service: the log_types

1112

# specified in each AuditConfig are enabled, and the exempted_members in each

1113

# AuditLogConfig are exempted.

1114

#

1115

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices"

1121

# "audit_log_configs": [

1122

# {

1123

# "log_type": "DATA_READ",

1124

# "exempted_members": [

1125

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

1130

# },

1131

# {

1132

# "log_type": "ADMIN_READ",

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com"

1138

# "audit_log_configs": [

1139

# {

1140

# "log_type": "DATA_READ",

1141

# },

1142

# {

1143

# "log_type": "DATA_WRITE",

1144

# "exempted_members": [

1145

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1154

# logging. It also exempts jose@example.com from DATA_READ logging, and

1155

# aliya@example.com from DATA_WRITE logging.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1156

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1157

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1162

# {

1163

# "log_type": "DATA_READ",

1164

# "exempted_members": [

1165

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1175

# jose@example.com from DATA_READ logging.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1176

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1177

# permission.

1178

# Follows the same format of Binding.members.

1179

"A String",

1180

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

1181

"logType": "A String", # The log type that this config enables.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1182

},

1183

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

1184

"service": "A String", # Specifies a service that will be enabled for audit logging.

1185

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1186

# `allServices` is a special value that covers all services.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1187

},

1188

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1189

},

1190

"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only

1191

# the fields in the mask will be modified. If no mask is provided, the

1192

# following default mask is used:

1193

#

1194

# `paths: "bindings, etag"`

1195

}

1196

1197

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1204

1205

{ # An Identity and Access Management (IAM) policy, which specifies access

1206

# controls for Google Cloud resources.

1207

#

1208

#

1209

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1210

# `members` to a single `role`. Members can be user accounts, service accounts,

1211

# Google groups, and domains (such as G Suite). A `role` is a named list of

1212

# permissions; each `role` can be an IAM predefined role or a user-created

1213

# custom role.

1214

#

1215

# For some types of Google Cloud resources, a `binding` can also specify a

1216

# `condition`, which is a logical expression that allows access to a resource

1217

# only if the expression evaluates to `true`. A condition can add constraints

1218

# based on attributes of the request, the resource, or both. To learn which

1219

# resources support conditions in their IAM policies, see the

1220

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

1228

# "members": [

1229

# "user:mike@example.com",

1230

# "group:admins@example.com",

1231

# "domain:google.com",

1232

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

1237

# "members": [

1238

# "user:eve@example.com"

1239

# ],

1240

# "condition": {

1241

# "title": "expirable access",

1242

# "description": "Does not grant access after Sep 2020",

1243

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

1256

# - group:admins@example.com

1257

# - domain:google.com

1258

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1259

# role: roles/resourcemanager.organizationAdmin

1260

# - members:

1261

# - user:eve@example.com

1262

# role: roles/resourcemanager.organizationViewer

1263

# condition:

1264

# title: expirable access

1265

# description: Does not grant access after Sep 2020

1266

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

1267

# - etag: BwWWja0YfJA=

1268

# - version: 3

1269

#

1270

# For a description of IAM and its features, see the

1271

# [IAM documentation](https://cloud.google.com/iam/docs/).

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

1272

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

1273

# `condition` that determines how and when the `bindings` are applied. Each

1274

# of the `bindings` must contain at least one member.

1275

{ # Associates `members` with a `role`.

1276

"role": "A String", # Role that is assigned to `members`.

1277

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

1278

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1279

#

1280

# If the condition evaluates to `true`, then this binding applies to the

1281

# current request.

1282

#

1283

# If the condition evaluates to `false`, then this binding does not apply to

1284

# the current request. However, a different role binding might grant the same

1285

# role to one or more of the members in this binding.

1286

#

1287

# To learn which resources support conditions in their IAM policies, see the

1288

# [IAM

1289

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1290

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1291

# are documented at https://github.com/google/cel-spec.

1292

#

1293

# Example (Comparison):

1294

#

1295

# title: "Summary size limit"

1296

# description: "Determines if a summary is less than 100 chars"

1297

# expression: "document.summary.size() < 100"

1298

#

1299

# Example (Equality):

1300

#

1301

# title: "Requestor is owner"

1302

# description: "Determines if requestor is the document owner"

1303

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1308

# description: "Determine whether the document should be publicly visible"

1309

# expression: "document.type != 'private' && document.type != 'internal'"

1310

#

1311

# Example (Data Manipulation):

1312

#

1313

# title: "Notification string"

1314

# description: "Create a notification string with a timestamp."

1315

# expression: "'New message received at ' + string(document.create_time)"

1316

#

1317

# The exact variables and functions that may be referenced within an expression

1318

# are determined by the service that evaluates it. See the service

1319

# documentation for additional information.

1320

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1321

# its purpose. This can be used e.g. in UIs which allow to enter the

1322

# expression.

1323

"location": "A String", # Optional. String indicating the location of the expression for error

1324

# reporting, e.g. a file name and a position in the file.

1325

"description": "A String", # Optional. Description of the expression. This is a longer text which

1326

# describes the expression, e.g. when hovered over it in a UI.

1327

"expression": "A String", # Textual representation of an expression in Common Expression Language

1328

# syntax.

1329

},

1330

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1331

# `members` can have the following values:

1332

#

1333

# * `allUsers`: A special identifier that represents anyone who is

1334

# on the internet; with or without a Google account.

1335

#

1336

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1337

# who is authenticated with a Google account or a service account.

1338

#

1339

# * `user:{emailid}`: An email address that represents a specific Google

1340

# account. For example, `alice@example.com` .

1341

#

1342

#

1343

# * `serviceAccount:{emailid}`: An email address that represents a service

1344

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1345

#

1346

# * `group:{emailid}`: An email address that represents a Google group.

1347

# For example, `admins@example.com`.

1348

#

1349

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1350

# identifier) representing a user that has been recently deleted. For

1351

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1352

# recovered, this value reverts to `user:{emailid}` and the recovered user

1353

# retains the role in the binding.

1354

#

1355

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1356

# unique identifier) representing a service account that has been recently

1357

# deleted. For example,

1358

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1359

# If the service account is undeleted, this value reverts to

1360

# `serviceAccount:{emailid}` and the undeleted service account retains the

1361

# role in the binding.

1362

#

1363

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1364

# identifier) representing a Google group that has been recently

1365

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1366

# the group is recovered, this value reverts to `group:{emailid}` and the

1367

# recovered group retains the role in the binding.

1368

#

1369

#

1370

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1371

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

},

],

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1378

# prevent simultaneous updates of a policy from overwriting each other.

1379

# It is strongly suggested that systems make use of the `etag` in the

1380

# read-modify-write cycle to perform policy updates in order to avoid race

1381

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1382

# systems are expected to put that etag in the request to `setIamPolicy` to

1383

# ensure that their change will be applied to the same version of the policy.

1384

#

1385

# **Important:** If you use IAM Conditions, you must include the `etag` field

1386

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1387

# you to overwrite a version `3` policy with a version `1` policy, and all of

1388

# the conditions in the version `3` policy are lost.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1389

"version": 42, # Specifies the format of the policy.

1390

#

1391

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1392

# are rejected.

1393

#

1394

# Any operation that affects conditional role bindings must specify version

1395

# `3`. This requirement applies to the following operations:

1396

#

1397

# * Getting a policy that includes a conditional role binding

1398

# * Adding a conditional role binding to a policy

1399

# * Changing a conditional role binding in a policy

1400

# * Removing any role binding, with or without a condition, from a policy

1401

# that includes conditions

1402

#

1403

# **Important:** If you use IAM Conditions, you must include the `etag` field

1404

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1405

# you to overwrite a version `3` policy with a version `1` policy, and all of

1406

# the conditions in the version `3` policy are lost.

1407

#

1408

# If a policy does not include any conditions, operations on that policy may

1409

# specify any valid version or leave the field unset.

1410

#

1411

# To learn which resources support conditions in their IAM policies, see the

1412

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1413

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1414

{ # Specifies the audit configuration for a service.

1415

# The configuration determines which permission types are logged, and what

1416

# identities, if any, are exempted from logging.

1417

# An AuditConfig must have one or more AuditLogConfigs.

1418

#

1419

# If there are AuditConfigs for both `allServices` and a specific service,

1420

# the union of the two AuditConfigs is used for that service: the log_types

1421

# specified in each AuditConfig are enabled, and the exempted_members in each

1422

# AuditLogConfig are exempted.

1423

#

1424

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices"

1430

# "audit_log_configs": [

1431

# {

1432

# "log_type": "DATA_READ",

1433

# "exempted_members": [

1434

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

1439

# },

1440

# {

1441

# "log_type": "ADMIN_READ",

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com"

1447

# "audit_log_configs": [

1448

# {

1449

# "log_type": "DATA_READ",

1450

# },

1451

# {

1452

# "log_type": "DATA_WRITE",

1453

# "exempted_members": [

1454

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1463

# logging. It also exempts jose@example.com from DATA_READ logging, and

1464

# aliya@example.com from DATA_WRITE logging.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1465

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1466

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1471

# {

1472

# "log_type": "DATA_READ",

1473

# "exempted_members": [

1474

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE",

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1484

# jose@example.com from DATA_READ logging.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1485

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1486

# permission.

1487

# Follows the same format of Binding.members.

1488

"A String",

1489

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

1490

"logType": "A String", # The log type that this config enables.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1491

},

1492

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

1493

"service": "A String", # Specifies a service that will be enabled for audit logging.

1494

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1495

# `allServices` is a special value that covers all services.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

1496

},

1497

],

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>

1503

<pre>Returns permissions that a caller has on the specified resource.

1504

If the resource does not exist, this will return an empty set of

1505

permissions, not a `NOT_FOUND` error.

1506

1507

Note: This operation is designed to be used for building permission-aware

1508

UIs and command-line tools, not for authorization checking. This operation

1509

may "fail open" without warning.

1510

1511

Args:

1512

resource: string, REQUIRED: The resource for which the policy detail is being requested.

1513

See the operation documentation for the appropriate value for this field. (required)

1514

body: object, The request body.

1515

The object takes the form of:

1516

1517

{ # Request message for `TestIamPermissions` method.

1518

"permissions": [ # The set of permissions to check for the `resource`. Permissions with

1519

# wildcards (such as '*' or 'storage.*') are not allowed. For more

1520

# information see

1521

# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).

"A String",

],

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1533

1534

{ # Response message for `TestIamPermissions` method.

1535

"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is

# allowed.

"A String",

],

}</pre>

</div>

</body></html>