blob: 868fa5bcc3428832f79af34b92caa31e6678da4c [file] [log] [blame]
Bu Sun Kim65020912020-05-20 12:08:20 -07001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="healthcare_v1.html">Cloud Healthcare API</a> . <a href="healthcare_v1.projects.html">projects</a> . <a href="healthcare_v1.projects.locations.html">locations</a> . <a href="healthcare_v1.projects.locations.datasets.html">datasets</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="healthcare_v1.projects.locations.datasets.dicomStores.html">dicomStores()</a></code>
79</p>
80<p class="firstline">Returns the dicomStores Resource.</p>
81
82<p class="toc_element">
83 <code><a href="healthcare_v1.projects.locations.datasets.fhirStores.html">fhirStores()</a></code>
84</p>
85<p class="firstline">Returns the fhirStores Resource.</p>
86
87<p class="toc_element">
88 <code><a href="healthcare_v1.projects.locations.datasets.hl7V2Stores.html">hl7V2Stores()</a></code>
89</p>
90<p class="firstline">Returns the hl7V2Stores Resource.</p>
91
92<p class="toc_element">
93 <code><a href="healthcare_v1.projects.locations.datasets.operations.html">operations()</a></code>
94</p>
95<p class="firstline">Returns the operations Resource.</p>
96
97<p class="toc_element">
98 <code><a href="#create">create(parent, body=None, datasetId=None, x__xgafv=None)</a></code></p>
99<p class="firstline">Creates a new health dataset. Results are returned through the</p>
100<p class="toc_element">
101 <code><a href="#deidentify">deidentify(sourceDataset, body=None, x__xgafv=None)</a></code></p>
102<p class="firstline">Creates a new dataset containing de-identified data from the source</p>
103<p class="toc_element">
104 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
105<p class="firstline">Deletes the specified health dataset and all data contained in the dataset.</p>
106<p class="toc_element">
107 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
108<p class="firstline">Gets any metadata associated with a dataset.</p>
109<p class="toc_element">
110 <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
111<p class="firstline">Gets the access control policy for a resource.</p>
112<p class="toc_element">
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700113 <code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
Bu Sun Kim65020912020-05-20 12:08:20 -0700114<p class="firstline">Lists the health datasets in the current project.</p>
115<p class="toc_element">
116 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
117<p class="firstline">Retrieves the next page of results.</p>
118<p class="toc_element">
119 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
120<p class="firstline">Updates dataset metadata.</p>
121<p class="toc_element">
122 <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
123<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
124<p class="toc_element">
125 <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>
126<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
127<h3>Method Details</h3>
128<div class="method">
129 <code class="details" id="create">create(parent, body=None, datasetId=None, x__xgafv=None)</code>
130 <pre>Creates a new health dataset. Results are returned through the
131Operation interface which returns either an
132`Operation.response` which contains a Dataset or
133`Operation.error`. The metadata
134field type is OperationMetadata.
135A Google Cloud Platform project can contain up to 500 datasets across all
136regions.
137
138Args:
139 parent: string, The name of the project where the server creates the dataset. For
140example, `projects/{project_id}/locations/{location_id}`. (required)
141 body: object, The request body.
142 The object takes the form of:
143
144{ # A message representing a health dataset.
145 #
146 # A health dataset represents a collection of healthcare data pertaining to one
147 # or more patients. This may include multiple modalities of healthcare data,
148 # such as electronic medical records or medical imaging data.
149 &quot;timeZone&quot;: &quot;A String&quot;, # The default timezone used by this dataset. Must be a either a valid IANA
150 # time zone name such as &quot;America/New_York&quot; or empty, which defaults to UTC.
151 # This is used for parsing times in resources, such as HL7 messages, where no
152 # explicit timezone is specified.
153 &quot;name&quot;: &quot;A String&quot;, # Output only. Resource name of the dataset, of the form
154 # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.
155}
156
157 datasetId: string, The ID of the dataset that is being created.
158The string must match the following regex: `[\p{L}\p{N}_\-\.]{1,256}`.
159 x__xgafv: string, V1 error format.
160 Allowed values
161 1 - v1 error format
162 2 - v2 error format
163
164Returns:
165 An object of the form:
166
167 { # This resource represents a long-running operation that is the result of a
168 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -0700169 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
170 # If `true`, the operation is completed, and either `error` or `response` is
171 # available.
172 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
173 # method returns no data on success, such as `Delete`, the response is
174 # `google.protobuf.Empty`. If the original method is standard
175 # `Get`/`Create`/`Update`, the response should be the resource. For other
176 # methods, the response should have the type `XxxResponse`, where `Xxx`
177 # is the original method name. For example, if the original method name
178 # is `TakeSnapshot()`, the inferred response type is
179 # `TakeSnapshotResponse`.
180 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
181 },
182 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
183 # originally returns it. If you use the default HTTP mapping, the
184 # `name` should be a resource name ending with `operations/{unique_id}`.
185 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
186 # different programming environments, including REST APIs and RPC APIs. It is
187 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
188 # three pieces of data: error code, error message, and error details.
189 #
190 # You can find out more about this error model and how to work with it in the
191 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700192 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
193 # user-facing error message should be localized and sent in the
194 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim65020912020-05-20 12:08:20 -0700195 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
196 # message types for APIs to use.
197 {
198 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
199 },
200 ],
201 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700202 },
203 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
204 # contains progress information and common metadata such as create time.
205 # Some services might not provide such metadata. Any method that returns a
206 # long-running operation should document the metadata type, if any.
207 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
Bu Sun Kim65020912020-05-20 12:08:20 -0700208 },
209 }</pre>
210</div>
211
212<div class="method">
213 <code class="details" id="deidentify">deidentify(sourceDataset, body=None, x__xgafv=None)</code>
214 <pre>Creates a new dataset containing de-identified data from the source
215dataset. The metadata field type
216is OperationMetadata.
217If the request is successful, the
218response field type is
219DeidentifySummary.
220If errors occur, error is set.
221The LRO result may still be successful if de-identification fails for some
222DICOM instances. The new de-identified dataset will not contain these
223failed resources. Failed resource totals are tracked in
224Operation.metadata.
225Error details are also logged to Cloud Logging. For more information,
226see [Viewing logs](/healthcare/docs/how-tos/logging).
227
228Args:
229 sourceDataset: string, Source dataset resource name. For example,
230`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)
231 body: object, The request body.
232 The object takes the form of:
233
234{ # Redacts identifying information from the specified dataset.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700235 &quot;destinationDataset&quot;: &quot;A String&quot;, # The name of the dataset resource to create and write the redacted data to.
236 #
237 # * The destination dataset must not exist.
238 # * The destination dataset must be in the same project and location as the
239 # source dataset. De-identifying data across multiple projects or locations
240 # is not supported.
Bu Sun Kim65020912020-05-20 12:08:20 -0700241 &quot;config&quot;: { # Configures de-id options specific to different types of content. # Deidentify configuration.
242 # Each submessage customizes the handling of an
243 # https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are
244 # applied in a nested manner at runtime.
245 &quot;text&quot;: { # Configures de-identification of text wherever it is found in the
246 # source_dataset.
247 &quot;transformations&quot;: [ # The transformations to apply to the detected data.
248 { # A transformation to apply to text that is identified as a specific
249 # info_type.
250 &quot;dateShiftConfig&quot;: { # Shift a date forward or backward in time by a random amount which is # Config for date shift.
251 # consistent for a given patient and crypto key combination.
252 &quot;cryptoKey&quot;: &quot;A String&quot;, # An AES 128/192/256 bit key. Causes the shift to be computed based on this
253 # key and the patient ID. A default key is generated for each
254 # Deidentify operation and is used wherever crypto_key is not specified.
255 },
256 &quot;characterMaskConfig&quot;: { # Mask a string by replacing its characters with a fixed character. # Config for character mask.
257 &quot;maskingCharacter&quot;: &quot;A String&quot;, # Character to mask the sensitive values. If not supplied, defaults to &quot;*&quot;.
258 },
259 &quot;redactConfig&quot;: { # Define how to redact sensitive values. Default behaviour is erase. # Config for text redaction.
260 # For example, &quot;My name is Jane.&quot; becomes &quot;My name is .&quot;
261 },
262 &quot;infoTypes&quot;: [ # InfoTypes to apply this transformation to. If this is not specified, the
263 # transformation applies to any info_type.
264 &quot;A String&quot;,
265 ],
266 &quot;replaceWithInfoTypeConfig&quot;: { # When using the # Config for replace with InfoType.
267 # INSPECT_AND_TRANSFORM
268 # action, each match is replaced with the name of the info_type. For example,
269 # &quot;My name is Jane&quot; becomes &quot;My name is [PERSON_NAME].&quot; The
270 # TRANSFORM
271 # action is equivalent to redacting.
272 },
273 &quot;cryptoHashConfig&quot;: { # Pseudonymization method that generates surrogates via cryptographic hashing. # Config for crypto hash.
274 # Uses SHA-256.
275 # Outputs a base64-encoded representation of the hashed output
276 # (for example, `L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=`).
277 &quot;cryptoKey&quot;: &quot;A String&quot;, # An AES 128/192/256 bit key. Causes the hash to be computed based on this
278 # key. A default key is generated for each Deidentify operation and is used
279 # wherever crypto_key is not specified.
280 },
281 },
282 ],
283 },
284 &quot;dicom&quot;: { # Specifies the parameters needed for de-identification of DICOM stores. # Configures de-id of application/DICOM content.
285 &quot;filterProfile&quot;: &quot;A String&quot;, # Tag filtering profile that determines which tags to keep/remove.
286 &quot;skipIdRedaction&quot;: True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID,
287 # SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched.
288 # The Cloud Healthcare API regenerates these UIDs by default based on the
289 # DICOM Standard&#x27;s reasoning: &quot;Whilst these UIDs cannot be mapped directly
290 # to an individual out of context, given access to the original images, or
291 # to a database of the original images containing the UIDs, it would be
292 # possible to recover the individual&#x27;s identity.&quot;
293 # http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html
294 &quot;keepList&quot;: { # List of tags to be filtered. # List of tags to keep. Remove all other tags.
295 &quot;tags&quot;: [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta
296 # Elements, or Directory Structuring Elements, as defined at:
297 # http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,.
298 # They may be provided by &quot;Keyword&quot; or &quot;Tag&quot;. For example &quot;PatientID&quot;,
299 # &quot;00100010&quot;.
300 &quot;A String&quot;,
301 ],
302 },
303 &quot;removeList&quot;: { # List of tags to be filtered. # List of tags to remove. Keep all other tags.
304 &quot;tags&quot;: [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta
305 # Elements, or Directory Structuring Elements, as defined at:
306 # http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,.
307 # They may be provided by &quot;Keyword&quot; or &quot;Tag&quot;. For example &quot;PatientID&quot;,
308 # &quot;00100010&quot;.
309 &quot;A String&quot;,
310 ],
311 },
312 },
313 &quot;fhir&quot;: { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content.
314 &quot;fieldMetadataList&quot;: [ # Specifies FHIR paths to match and how to transform them. Any field that
315 # is not matched by a FieldMetadata is passed through to the output
316 # dataset unmodified. All extensions are removed in the output.
317 { # Specifies FHIR paths to match, and how to handle de-identification of
318 # matching fields.
Bu Sun Kim65020912020-05-20 12:08:20 -0700319 &quot;paths&quot;: [ # List of paths to FHIR fields to be redacted. Each path is a
320 # period-separated list where each component is either a field name or
321 # FHIR type name, for example: Patient, HumanName.
322 # For &quot;choice&quot; types (those defined in the FHIR spec with the form:
323 # field[x]) we use two separate components. For example,
324 # &quot;deceasedAge.unit&quot; is matched by &quot;Deceased.Age.unit&quot;.
325 # Supported types are: AdministrativeGenderCode, Code, Date, DateTime,
326 # Decimal, HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid,
327 # Xhtml.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700328 # Base64Binary is also supported, but may only be kept as-is or have all
329 # the content removed.
Bu Sun Kim65020912020-05-20 12:08:20 -0700330 &quot;A String&quot;,
331 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700332 &quot;action&quot;: &quot;A String&quot;, # Deidentify action for one field.
Bu Sun Kim65020912020-05-20 12:08:20 -0700333 },
334 ],
335 },
336 &quot;image&quot;: { # Specifies how to handle de-identification of image pixels. # Configures de-identification of image pixels wherever they are found in the
337 # source_dataset.
338 &quot;textRedactionMode&quot;: &quot;A String&quot;, # Determines how to redact text from image.
339 },
340 },
Bu Sun Kim65020912020-05-20 12:08:20 -0700341 }
342
343 x__xgafv: string, V1 error format.
344 Allowed values
345 1 - v1 error format
346 2 - v2 error format
347
348Returns:
349 An object of the form:
350
351 { # This resource represents a long-running operation that is the result of a
352 # network API call.
Bu Sun Kim65020912020-05-20 12:08:20 -0700353 &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
354 # If `true`, the operation is completed, and either `error` or `response` is
355 # available.
356 &quot;response&quot;: { # The normal response of the operation in case of success. If the original
357 # method returns no data on success, such as `Delete`, the response is
358 # `google.protobuf.Empty`. If the original method is standard
359 # `Get`/`Create`/`Update`, the response should be the resource. For other
360 # methods, the response should have the type `XxxResponse`, where `Xxx`
361 # is the original method name. For example, if the original method name
362 # is `TakeSnapshot()`, the inferred response type is
363 # `TakeSnapshotResponse`.
364 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
365 },
366 &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
367 # originally returns it. If you use the default HTTP mapping, the
368 # `name` should be a resource name ending with `operations/{unique_id}`.
369 &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
370 # different programming environments, including REST APIs and RPC APIs. It is
371 # used by [gRPC](https://github.com/grpc). Each `Status` message contains
372 # three pieces of data: error code, error message, and error details.
373 #
374 # You can find out more about this error model and how to work with it in the
375 # [API Design Guide](https://cloud.google.com/apis/design/errors).
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700376 &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
377 # user-facing error message should be localized and sent in the
378 # google.rpc.Status.details field, or localized by the client.
Bu Sun Kim65020912020-05-20 12:08:20 -0700379 &quot;details&quot;: [ # A list of messages that carry the error details. There is a common set of
380 # message types for APIs to use.
381 {
382 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
383 },
384 ],
385 &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700386 },
387 &quot;metadata&quot;: { # Service-specific metadata associated with the operation. It typically
388 # contains progress information and common metadata such as create time.
389 # Some services might not provide such metadata. Any method that returns a
390 # long-running operation should document the metadata type, if any.
391 &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
Bu Sun Kim65020912020-05-20 12:08:20 -0700392 },
393 }</pre>
394</div>
395
396<div class="method">
397 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
398 <pre>Deletes the specified health dataset and all data contained in the dataset.
399Deleting a dataset does not affect the sources from which the dataset was
400imported (if any).
401
402Args:
403 name: string, The name of the dataset to delete. For example,
404`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)
405 x__xgafv: string, V1 error format.
406 Allowed values
407 1 - v1 error format
408 2 - v2 error format
409
410Returns:
411 An object of the form:
412
413 { # A generic empty message that you can re-use to avoid defining duplicated
414 # empty messages in your APIs. A typical example is to use it as the request
415 # or the response type of an API method. For instance:
416 #
417 # service Foo {
418 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
419 # }
420 #
421 # The JSON representation for `Empty` is empty JSON object `{}`.
422 }</pre>
423</div>
424
425<div class="method">
426 <code class="details" id="get">get(name, x__xgafv=None)</code>
427 <pre>Gets any metadata associated with a dataset.
428
429Args:
430 name: string, The name of the dataset to read. For example,
431`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)
432 x__xgafv: string, V1 error format.
433 Allowed values
434 1 - v1 error format
435 2 - v2 error format
436
437Returns:
438 An object of the form:
439
440 { # A message representing a health dataset.
441 #
442 # A health dataset represents a collection of healthcare data pertaining to one
443 # or more patients. This may include multiple modalities of healthcare data,
444 # such as electronic medical records or medical imaging data.
445 &quot;timeZone&quot;: &quot;A String&quot;, # The default timezone used by this dataset. Must be a either a valid IANA
446 # time zone name such as &quot;America/New_York&quot; or empty, which defaults to UTC.
447 # This is used for parsing times in resources, such as HL7 messages, where no
448 # explicit timezone is specified.
449 &quot;name&quot;: &quot;A String&quot;, # Output only. Resource name of the dataset, of the form
450 # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.
451 }</pre>
452</div>
453
454<div class="method">
455 <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>
456 <pre>Gets the access control policy for a resource.
457Returns an empty policy if the resource exists and does not have a policy
458set.
459
460Args:
461 resource: string, REQUIRED: The resource for which the policy is being requested.
462See the operation documentation for the appropriate value for this field. (required)
463 options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.
464
465Valid values are 0, 1, and 3. Requests specifying an invalid value will be
466rejected.
467
468Requests for policies with any conditional bindings must specify version 3.
469Policies without any conditional bindings may specify any valid value or
470leave the field unset.
471
472To learn which resources support conditions in their IAM policies, see the
473[IAM
474documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
475 x__xgafv: string, V1 error format.
476 Allowed values
477 1 - v1 error format
478 2 - v2 error format
479
480Returns:
481 An object of the form:
482
483 { # An Identity and Access Management (IAM) policy, which specifies access
484 # controls for Google Cloud resources.
485 #
486 #
487 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
488 # `members` to a single `role`. Members can be user accounts, service accounts,
489 # Google groups, and domains (such as G Suite). A `role` is a named list of
490 # permissions; each `role` can be an IAM predefined role or a user-created
491 # custom role.
492 #
493 # For some types of Google Cloud resources, a `binding` can also specify a
494 # `condition`, which is a logical expression that allows access to a resource
495 # only if the expression evaluates to `true`. A condition can add constraints
496 # based on attributes of the request, the resource, or both. To learn which
497 # resources support conditions in their IAM policies, see the
498 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
499 #
500 # **JSON example:**
501 #
502 # {
503 # &quot;bindings&quot;: [
504 # {
505 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
506 # &quot;members&quot;: [
507 # &quot;user:mike@example.com&quot;,
508 # &quot;group:admins@example.com&quot;,
509 # &quot;domain:google.com&quot;,
510 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
511 # ]
512 # },
513 # {
514 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
515 # &quot;members&quot;: [
516 # &quot;user:eve@example.com&quot;
517 # ],
518 # &quot;condition&quot;: {
519 # &quot;title&quot;: &quot;expirable access&quot;,
520 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
521 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
522 # }
523 # }
524 # ],
525 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
526 # &quot;version&quot;: 3
527 # }
528 #
529 # **YAML example:**
530 #
531 # bindings:
532 # - members:
533 # - user:mike@example.com
534 # - group:admins@example.com
535 # - domain:google.com
536 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
537 # role: roles/resourcemanager.organizationAdmin
538 # - members:
539 # - user:eve@example.com
540 # role: roles/resourcemanager.organizationViewer
541 # condition:
542 # title: expirable access
543 # description: Does not grant access after Sep 2020
544 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
545 # - etag: BwWWja0YfJA=
546 # - version: 3
547 #
548 # For a description of IAM and its features, see the
549 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700550 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
551 # `condition` that determines how and when the `bindings` are applied. Each
552 # of the `bindings` must contain at least one member.
553 { # Associates `members` with a `role`.
554 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
555 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
556 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
557 #
558 # If the condition evaluates to `true`, then this binding applies to the
559 # current request.
560 #
561 # If the condition evaluates to `false`, then this binding does not apply to
562 # the current request. However, a different role binding might grant the same
563 # role to one or more of the members in this binding.
564 #
565 # To learn which resources support conditions in their IAM policies, see the
566 # [IAM
567 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
568 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
569 # are documented at https://github.com/google/cel-spec.
570 #
571 # Example (Comparison):
572 #
573 # title: &quot;Summary size limit&quot;
574 # description: &quot;Determines if a summary is less than 100 chars&quot;
575 # expression: &quot;document.summary.size() &lt; 100&quot;
576 #
577 # Example (Equality):
578 #
579 # title: &quot;Requestor is owner&quot;
580 # description: &quot;Determines if requestor is the document owner&quot;
581 # expression: &quot;document.owner == request.auth.claims.email&quot;
582 #
583 # Example (Logic):
584 #
585 # title: &quot;Public documents&quot;
586 # description: &quot;Determine whether the document should be publicly visible&quot;
587 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
588 #
589 # Example (Data Manipulation):
590 #
591 # title: &quot;Notification string&quot;
592 # description: &quot;Create a notification string with a timestamp.&quot;
593 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
594 #
595 # The exact variables and functions that may be referenced within an expression
596 # are determined by the service that evaluates it. See the service
597 # documentation for additional information.
598 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
599 # its purpose. This can be used e.g. in UIs which allow to enter the
600 # expression.
601 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
602 # reporting, e.g. a file name and a position in the file.
603 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
604 # describes the expression, e.g. when hovered over it in a UI.
605 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
606 # syntax.
607 },
608 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
609 # `members` can have the following values:
610 #
611 # * `allUsers`: A special identifier that represents anyone who is
612 # on the internet; with or without a Google account.
613 #
614 # * `allAuthenticatedUsers`: A special identifier that represents anyone
615 # who is authenticated with a Google account or a service account.
616 #
617 # * `user:{emailid}`: An email address that represents a specific Google
618 # account. For example, `alice@example.com` .
619 #
620 #
621 # * `serviceAccount:{emailid}`: An email address that represents a service
622 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
623 #
624 # * `group:{emailid}`: An email address that represents a Google group.
625 # For example, `admins@example.com`.
626 #
627 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
628 # identifier) representing a user that has been recently deleted. For
629 # example, `alice@example.com?uid=123456789012345678901`. If the user is
630 # recovered, this value reverts to `user:{emailid}` and the recovered user
631 # retains the role in the binding.
632 #
633 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
634 # unique identifier) representing a service account that has been recently
635 # deleted. For example,
636 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
637 # If the service account is undeleted, this value reverts to
638 # `serviceAccount:{emailid}` and the undeleted service account retains the
639 # role in the binding.
640 #
641 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
642 # identifier) representing a Google group that has been recently
643 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
644 # the group is recovered, this value reverts to `group:{emailid}` and the
645 # recovered group retains the role in the binding.
646 #
647 #
648 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
649 # users of that domain. For example, `google.com` or `example.com`.
650 #
651 &quot;A String&quot;,
652 ],
653 },
654 ],
655 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
656 # prevent simultaneous updates of a policy from overwriting each other.
657 # It is strongly suggested that systems make use of the `etag` in the
658 # read-modify-write cycle to perform policy updates in order to avoid race
659 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
660 # systems are expected to put that etag in the request to `setIamPolicy` to
661 # ensure that their change will be applied to the same version of the policy.
662 #
663 # **Important:** If you use IAM Conditions, you must include the `etag` field
664 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
665 # you to overwrite a version `3` policy with a version `1` policy, and all of
666 # the conditions in the version `3` policy are lost.
Bu Sun Kim65020912020-05-20 12:08:20 -0700667 &quot;version&quot;: 42, # Specifies the format of the policy.
668 #
669 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
670 # are rejected.
671 #
672 # Any operation that affects conditional role bindings must specify version
673 # `3`. This requirement applies to the following operations:
674 #
675 # * Getting a policy that includes a conditional role binding
676 # * Adding a conditional role binding to a policy
677 # * Changing a conditional role binding in a policy
678 # * Removing any role binding, with or without a condition, from a policy
679 # that includes conditions
680 #
681 # **Important:** If you use IAM Conditions, you must include the `etag` field
682 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
683 # you to overwrite a version `3` policy with a version `1` policy, and all of
684 # the conditions in the version `3` policy are lost.
685 #
686 # If a policy does not include any conditions, operations on that policy may
687 # specify any valid version or leave the field unset.
688 #
689 # To learn which resources support conditions in their IAM policies, see the
690 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
691 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
692 { # Specifies the audit configuration for a service.
693 # The configuration determines which permission types are logged, and what
694 # identities, if any, are exempted from logging.
695 # An AuditConfig must have one or more AuditLogConfigs.
696 #
697 # If there are AuditConfigs for both `allServices` and a specific service,
698 # the union of the two AuditConfigs is used for that service: the log_types
699 # specified in each AuditConfig are enabled, and the exempted_members in each
700 # AuditLogConfig are exempted.
701 #
702 # Example Policy with multiple AuditConfigs:
703 #
704 # {
705 # &quot;audit_configs&quot;: [
706 # {
707 # &quot;service&quot;: &quot;allServices&quot;
708 # &quot;audit_log_configs&quot;: [
709 # {
710 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
711 # &quot;exempted_members&quot;: [
712 # &quot;user:jose@example.com&quot;
713 # ]
714 # },
715 # {
716 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
717 # },
718 # {
719 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
720 # }
721 # ]
722 # },
723 # {
724 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
725 # &quot;audit_log_configs&quot;: [
726 # {
727 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
728 # },
729 # {
730 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
731 # &quot;exempted_members&quot;: [
732 # &quot;user:aliya@example.com&quot;
733 # ]
734 # }
735 # ]
736 # }
737 # ]
738 # }
739 #
740 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
741 # logging. It also exempts jose@example.com from DATA_READ logging, and
742 # aliya@example.com from DATA_WRITE logging.
Bu Sun Kim65020912020-05-20 12:08:20 -0700743 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
744 { # Provides the configuration for logging a type of permissions.
745 # Example:
746 #
747 # {
748 # &quot;audit_log_configs&quot;: [
749 # {
750 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
751 # &quot;exempted_members&quot;: [
752 # &quot;user:jose@example.com&quot;
753 # ]
754 # },
755 # {
756 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
757 # }
758 # ]
759 # }
760 #
761 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
762 # jose@example.com from DATA_READ logging.
Bu Sun Kim65020912020-05-20 12:08:20 -0700763 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
764 # permission.
765 # Follows the same format of Binding.members.
766 &quot;A String&quot;,
767 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700768 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
Bu Sun Kim65020912020-05-20 12:08:20 -0700769 },
770 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700771 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
772 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
773 # `allServices` is a special value that covers all services.
Bu Sun Kim65020912020-05-20 12:08:20 -0700774 },
775 ],
Bu Sun Kim65020912020-05-20 12:08:20 -0700776 }</pre>
777</div>
778
779<div class="method">
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700780 <code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code>
Bu Sun Kim65020912020-05-20 12:08:20 -0700781 <pre>Lists the health datasets in the current project.
782
783Args:
784 parent: string, The name of the project whose datasets should be listed.
785For example, `projects/{project_id}/locations/{location_id}`. (required)
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700786 pageToken: string, The next_page_token value returned from a previous List request, if any.
Bu Sun Kim65020912020-05-20 12:08:20 -0700787 pageSize: integer, The maximum number of items to return. Capped to 100 if not specified.
788May not be larger than 1000.
Bu Sun Kim65020912020-05-20 12:08:20 -0700789 x__xgafv: string, V1 error format.
790 Allowed values
791 1 - v1 error format
792 2 - v2 error format
793
794Returns:
795 An object of the form:
796
797 { # Lists the available datasets.
798 &quot;datasets&quot;: [ # The first page of datasets.
799 { # A message representing a health dataset.
800 #
801 # A health dataset represents a collection of healthcare data pertaining to one
802 # or more patients. This may include multiple modalities of healthcare data,
803 # such as electronic medical records or medical imaging data.
804 &quot;timeZone&quot;: &quot;A String&quot;, # The default timezone used by this dataset. Must be a either a valid IANA
805 # time zone name such as &quot;America/New_York&quot; or empty, which defaults to UTC.
806 # This is used for parsing times in resources, such as HL7 messages, where no
807 # explicit timezone is specified.
808 &quot;name&quot;: &quot;A String&quot;, # Output only. Resource name of the dataset, of the form
809 # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.
810 },
811 ],
812 &quot;nextPageToken&quot;: &quot;A String&quot;, # Token to retrieve the next page of results, or empty if there are no
813 # more results in the list.
814 }</pre>
815</div>
816
817<div class="method">
818 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
819 <pre>Retrieves the next page of results.
820
821Args:
822 previous_request: The request for the previous page. (required)
823 previous_response: The response from the request for the previous page. (required)
824
825Returns:
826 A request object that you can call &#x27;execute()&#x27; on to request the next
827 page. Returns None if there are no more items in the collection.
828 </pre>
829</div>
830
831<div class="method">
832 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
833 <pre>Updates dataset metadata.
834
835Args:
836 name: string, Output only. Resource name of the dataset, of the form
837`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`. (required)
838 body: object, The request body.
839 The object takes the form of:
840
841{ # A message representing a health dataset.
842 #
843 # A health dataset represents a collection of healthcare data pertaining to one
844 # or more patients. This may include multiple modalities of healthcare data,
845 # such as electronic medical records or medical imaging data.
846 &quot;timeZone&quot;: &quot;A String&quot;, # The default timezone used by this dataset. Must be a either a valid IANA
847 # time zone name such as &quot;America/New_York&quot; or empty, which defaults to UTC.
848 # This is used for parsing times in resources, such as HL7 messages, where no
849 # explicit timezone is specified.
850 &quot;name&quot;: &quot;A String&quot;, # Output only. Resource name of the dataset, of the form
851 # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.
852}
853
854 updateMask: string, The update mask applies to the resource. For the `FieldMask` definition,
855see
856https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
857 x__xgafv: string, V1 error format.
858 Allowed values
859 1 - v1 error format
860 2 - v2 error format
861
862Returns:
863 An object of the form:
864
865 { # A message representing a health dataset.
866 #
867 # A health dataset represents a collection of healthcare data pertaining to one
868 # or more patients. This may include multiple modalities of healthcare data,
869 # such as electronic medical records or medical imaging data.
870 &quot;timeZone&quot;: &quot;A String&quot;, # The default timezone used by this dataset. Must be a either a valid IANA
871 # time zone name such as &quot;America/New_York&quot; or empty, which defaults to UTC.
872 # This is used for parsing times in resources, such as HL7 messages, where no
873 # explicit timezone is specified.
874 &quot;name&quot;: &quot;A String&quot;, # Output only. Resource name of the dataset, of the form
875 # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}`.
876 }</pre>
877</div>
878
879<div class="method">
880 <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
881 <pre>Sets the access control policy on the specified resource. Replaces any
882existing policy.
883
884Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
885
886Args:
887 resource: string, REQUIRED: The resource for which the policy is being specified.
888See the operation documentation for the appropriate value for this field. (required)
889 body: object, The request body.
890 The object takes the form of:
891
892{ # Request message for `SetIamPolicy` method.
893 &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
894 # the policy is limited to a few 10s of KB. An empty policy is a
895 # valid policy but certain Cloud Platform services (such as Projects)
896 # might reject them.
897 # controls for Google Cloud resources.
898 #
899 #
900 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
901 # `members` to a single `role`. Members can be user accounts, service accounts,
902 # Google groups, and domains (such as G Suite). A `role` is a named list of
903 # permissions; each `role` can be an IAM predefined role or a user-created
904 # custom role.
905 #
906 # For some types of Google Cloud resources, a `binding` can also specify a
907 # `condition`, which is a logical expression that allows access to a resource
908 # only if the expression evaluates to `true`. A condition can add constraints
909 # based on attributes of the request, the resource, or both. To learn which
910 # resources support conditions in their IAM policies, see the
911 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
912 #
913 # **JSON example:**
914 #
915 # {
916 # &quot;bindings&quot;: [
917 # {
918 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
919 # &quot;members&quot;: [
920 # &quot;user:mike@example.com&quot;,
921 # &quot;group:admins@example.com&quot;,
922 # &quot;domain:google.com&quot;,
923 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
924 # ]
925 # },
926 # {
927 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
928 # &quot;members&quot;: [
929 # &quot;user:eve@example.com&quot;
930 # ],
931 # &quot;condition&quot;: {
932 # &quot;title&quot;: &quot;expirable access&quot;,
933 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
934 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
935 # }
936 # }
937 # ],
938 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
939 # &quot;version&quot;: 3
940 # }
941 #
942 # **YAML example:**
943 #
944 # bindings:
945 # - members:
946 # - user:mike@example.com
947 # - group:admins@example.com
948 # - domain:google.com
949 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
950 # role: roles/resourcemanager.organizationAdmin
951 # - members:
952 # - user:eve@example.com
953 # role: roles/resourcemanager.organizationViewer
954 # condition:
955 # title: expirable access
956 # description: Does not grant access after Sep 2020
957 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
958 # - etag: BwWWja0YfJA=
959 # - version: 3
960 #
961 # For a description of IAM and its features, see the
962 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700963 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
964 # `condition` that determines how and when the `bindings` are applied. Each
965 # of the `bindings` must contain at least one member.
966 { # Associates `members` with a `role`.
967 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
968 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
969 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
970 #
971 # If the condition evaluates to `true`, then this binding applies to the
972 # current request.
973 #
974 # If the condition evaluates to `false`, then this binding does not apply to
975 # the current request. However, a different role binding might grant the same
976 # role to one or more of the members in this binding.
977 #
978 # To learn which resources support conditions in their IAM policies, see the
979 # [IAM
980 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
981 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
982 # are documented at https://github.com/google/cel-spec.
983 #
984 # Example (Comparison):
985 #
986 # title: &quot;Summary size limit&quot;
987 # description: &quot;Determines if a summary is less than 100 chars&quot;
988 # expression: &quot;document.summary.size() &lt; 100&quot;
989 #
990 # Example (Equality):
991 #
992 # title: &quot;Requestor is owner&quot;
993 # description: &quot;Determines if requestor is the document owner&quot;
994 # expression: &quot;document.owner == request.auth.claims.email&quot;
995 #
996 # Example (Logic):
997 #
998 # title: &quot;Public documents&quot;
999 # description: &quot;Determine whether the document should be publicly visible&quot;
1000 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1001 #
1002 # Example (Data Manipulation):
1003 #
1004 # title: &quot;Notification string&quot;
1005 # description: &quot;Create a notification string with a timestamp.&quot;
1006 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1007 #
1008 # The exact variables and functions that may be referenced within an expression
1009 # are determined by the service that evaluates it. See the service
1010 # documentation for additional information.
1011 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1012 # its purpose. This can be used e.g. in UIs which allow to enter the
1013 # expression.
1014 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1015 # reporting, e.g. a file name and a position in the file.
1016 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1017 # describes the expression, e.g. when hovered over it in a UI.
1018 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1019 # syntax.
1020 },
1021 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1022 # `members` can have the following values:
1023 #
1024 # * `allUsers`: A special identifier that represents anyone who is
1025 # on the internet; with or without a Google account.
1026 #
1027 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1028 # who is authenticated with a Google account or a service account.
1029 #
1030 # * `user:{emailid}`: An email address that represents a specific Google
1031 # account. For example, `alice@example.com` .
1032 #
1033 #
1034 # * `serviceAccount:{emailid}`: An email address that represents a service
1035 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1036 #
1037 # * `group:{emailid}`: An email address that represents a Google group.
1038 # For example, `admins@example.com`.
1039 #
1040 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1041 # identifier) representing a user that has been recently deleted. For
1042 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1043 # recovered, this value reverts to `user:{emailid}` and the recovered user
1044 # retains the role in the binding.
1045 #
1046 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1047 # unique identifier) representing a service account that has been recently
1048 # deleted. For example,
1049 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1050 # If the service account is undeleted, this value reverts to
1051 # `serviceAccount:{emailid}` and the undeleted service account retains the
1052 # role in the binding.
1053 #
1054 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1055 # identifier) representing a Google group that has been recently
1056 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1057 # the group is recovered, this value reverts to `group:{emailid}` and the
1058 # recovered group retains the role in the binding.
1059 #
1060 #
1061 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1062 # users of that domain. For example, `google.com` or `example.com`.
1063 #
1064 &quot;A String&quot;,
1065 ],
1066 },
1067 ],
1068 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1069 # prevent simultaneous updates of a policy from overwriting each other.
1070 # It is strongly suggested that systems make use of the `etag` in the
1071 # read-modify-write cycle to perform policy updates in order to avoid race
1072 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1073 # systems are expected to put that etag in the request to `setIamPolicy` to
1074 # ensure that their change will be applied to the same version of the policy.
1075 #
1076 # **Important:** If you use IAM Conditions, you must include the `etag` field
1077 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1078 # you to overwrite a version `3` policy with a version `1` policy, and all of
1079 # the conditions in the version `3` policy are lost.
Bu Sun Kim65020912020-05-20 12:08:20 -07001080 &quot;version&quot;: 42, # Specifies the format of the policy.
1081 #
1082 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1083 # are rejected.
1084 #
1085 # Any operation that affects conditional role bindings must specify version
1086 # `3`. This requirement applies to the following operations:
1087 #
1088 # * Getting a policy that includes a conditional role binding
1089 # * Adding a conditional role binding to a policy
1090 # * Changing a conditional role binding in a policy
1091 # * Removing any role binding, with or without a condition, from a policy
1092 # that includes conditions
1093 #
1094 # **Important:** If you use IAM Conditions, you must include the `etag` field
1095 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1096 # you to overwrite a version `3` policy with a version `1` policy, and all of
1097 # the conditions in the version `3` policy are lost.
1098 #
1099 # If a policy does not include any conditions, operations on that policy may
1100 # specify any valid version or leave the field unset.
1101 #
1102 # To learn which resources support conditions in their IAM policies, see the
1103 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1104 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1105 { # Specifies the audit configuration for a service.
1106 # The configuration determines which permission types are logged, and what
1107 # identities, if any, are exempted from logging.
1108 # An AuditConfig must have one or more AuditLogConfigs.
1109 #
1110 # If there are AuditConfigs for both `allServices` and a specific service,
1111 # the union of the two AuditConfigs is used for that service: the log_types
1112 # specified in each AuditConfig are enabled, and the exempted_members in each
1113 # AuditLogConfig are exempted.
1114 #
1115 # Example Policy with multiple AuditConfigs:
1116 #
1117 # {
1118 # &quot;audit_configs&quot;: [
1119 # {
1120 # &quot;service&quot;: &quot;allServices&quot;
1121 # &quot;audit_log_configs&quot;: [
1122 # {
1123 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1124 # &quot;exempted_members&quot;: [
1125 # &quot;user:jose@example.com&quot;
1126 # ]
1127 # },
1128 # {
1129 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1130 # },
1131 # {
1132 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1133 # }
1134 # ]
1135 # },
1136 # {
1137 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1138 # &quot;audit_log_configs&quot;: [
1139 # {
1140 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1141 # },
1142 # {
1143 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1144 # &quot;exempted_members&quot;: [
1145 # &quot;user:aliya@example.com&quot;
1146 # ]
1147 # }
1148 # ]
1149 # }
1150 # ]
1151 # }
1152 #
1153 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1154 # logging. It also exempts jose@example.com from DATA_READ logging, and
1155 # aliya@example.com from DATA_WRITE logging.
Bu Sun Kim65020912020-05-20 12:08:20 -07001156 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1157 { # Provides the configuration for logging a type of permissions.
1158 # Example:
1159 #
1160 # {
1161 # &quot;audit_log_configs&quot;: [
1162 # {
1163 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1164 # &quot;exempted_members&quot;: [
1165 # &quot;user:jose@example.com&quot;
1166 # ]
1167 # },
1168 # {
1169 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1170 # }
1171 # ]
1172 # }
1173 #
1174 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1175 # jose@example.com from DATA_READ logging.
Bu Sun Kim65020912020-05-20 12:08:20 -07001176 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1177 # permission.
1178 # Follows the same format of Binding.members.
1179 &quot;A String&quot;,
1180 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001181 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
Bu Sun Kim65020912020-05-20 12:08:20 -07001182 },
1183 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001184 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1185 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1186 # `allServices` is a special value that covers all services.
Bu Sun Kim65020912020-05-20 12:08:20 -07001187 },
1188 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001189 },
1190 &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1191 # the fields in the mask will be modified. If no mask is provided, the
1192 # following default mask is used:
1193 #
1194 # `paths: &quot;bindings, etag&quot;`
1195 }
1196
1197 x__xgafv: string, V1 error format.
1198 Allowed values
1199 1 - v1 error format
1200 2 - v2 error format
1201
1202Returns:
1203 An object of the form:
1204
1205 { # An Identity and Access Management (IAM) policy, which specifies access
1206 # controls for Google Cloud resources.
1207 #
1208 #
1209 # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1210 # `members` to a single `role`. Members can be user accounts, service accounts,
1211 # Google groups, and domains (such as G Suite). A `role` is a named list of
1212 # permissions; each `role` can be an IAM predefined role or a user-created
1213 # custom role.
1214 #
1215 # For some types of Google Cloud resources, a `binding` can also specify a
1216 # `condition`, which is a logical expression that allows access to a resource
1217 # only if the expression evaluates to `true`. A condition can add constraints
1218 # based on attributes of the request, the resource, or both. To learn which
1219 # resources support conditions in their IAM policies, see the
1220 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1221 #
1222 # **JSON example:**
1223 #
1224 # {
1225 # &quot;bindings&quot;: [
1226 # {
1227 # &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
1228 # &quot;members&quot;: [
1229 # &quot;user:mike@example.com&quot;,
1230 # &quot;group:admins@example.com&quot;,
1231 # &quot;domain:google.com&quot;,
1232 # &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
1233 # ]
1234 # },
1235 # {
1236 # &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
1237 # &quot;members&quot;: [
1238 # &quot;user:eve@example.com&quot;
1239 # ],
1240 # &quot;condition&quot;: {
1241 # &quot;title&quot;: &quot;expirable access&quot;,
1242 # &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
1243 # &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
1244 # }
1245 # }
1246 # ],
1247 # &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
1248 # &quot;version&quot;: 3
1249 # }
1250 #
1251 # **YAML example:**
1252 #
1253 # bindings:
1254 # - members:
1255 # - user:mike@example.com
1256 # - group:admins@example.com
1257 # - domain:google.com
1258 # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1259 # role: roles/resourcemanager.organizationAdmin
1260 # - members:
1261 # - user:eve@example.com
1262 # role: roles/resourcemanager.organizationViewer
1263 # condition:
1264 # title: expirable access
1265 # description: Does not grant access after Sep 2020
1266 # expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
1267 # - etag: BwWWja0YfJA=
1268 # - version: 3
1269 #
1270 # For a description of IAM and its features, see the
1271 # [IAM documentation](https://cloud.google.com/iam/docs/).
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001272 &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
1273 # `condition` that determines how and when the `bindings` are applied. Each
1274 # of the `bindings` must contain at least one member.
1275 { # Associates `members` with a `role`.
1276 &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
1277 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1278 &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
1279 #
1280 # If the condition evaluates to `true`, then this binding applies to the
1281 # current request.
1282 #
1283 # If the condition evaluates to `false`, then this binding does not apply to
1284 # the current request. However, a different role binding might grant the same
1285 # role to one or more of the members in this binding.
1286 #
1287 # To learn which resources support conditions in their IAM policies, see the
1288 # [IAM
1289 # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1290 # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1291 # are documented at https://github.com/google/cel-spec.
1292 #
1293 # Example (Comparison):
1294 #
1295 # title: &quot;Summary size limit&quot;
1296 # description: &quot;Determines if a summary is less than 100 chars&quot;
1297 # expression: &quot;document.summary.size() &lt; 100&quot;
1298 #
1299 # Example (Equality):
1300 #
1301 # title: &quot;Requestor is owner&quot;
1302 # description: &quot;Determines if requestor is the document owner&quot;
1303 # expression: &quot;document.owner == request.auth.claims.email&quot;
1304 #
1305 # Example (Logic):
1306 #
1307 # title: &quot;Public documents&quot;
1308 # description: &quot;Determine whether the document should be publicly visible&quot;
1309 # expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
1310 #
1311 # Example (Data Manipulation):
1312 #
1313 # title: &quot;Notification string&quot;
1314 # description: &quot;Create a notification string with a timestamp.&quot;
1315 # expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
1316 #
1317 # The exact variables and functions that may be referenced within an expression
1318 # are determined by the service that evaluates it. See the service
1319 # documentation for additional information.
1320 &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
1321 # its purpose. This can be used e.g. in UIs which allow to enter the
1322 # expression.
1323 &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
1324 # reporting, e.g. a file name and a position in the file.
1325 &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
1326 # describes the expression, e.g. when hovered over it in a UI.
1327 &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
1328 # syntax.
1329 },
1330 &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
1331 # `members` can have the following values:
1332 #
1333 # * `allUsers`: A special identifier that represents anyone who is
1334 # on the internet; with or without a Google account.
1335 #
1336 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1337 # who is authenticated with a Google account or a service account.
1338 #
1339 # * `user:{emailid}`: An email address that represents a specific Google
1340 # account. For example, `alice@example.com` .
1341 #
1342 #
1343 # * `serviceAccount:{emailid}`: An email address that represents a service
1344 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1345 #
1346 # * `group:{emailid}`: An email address that represents a Google group.
1347 # For example, `admins@example.com`.
1348 #
1349 # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
1350 # identifier) representing a user that has been recently deleted. For
1351 # example, `alice@example.com?uid=123456789012345678901`. If the user is
1352 # recovered, this value reverts to `user:{emailid}` and the recovered user
1353 # retains the role in the binding.
1354 #
1355 # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
1356 # unique identifier) representing a service account that has been recently
1357 # deleted. For example,
1358 # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
1359 # If the service account is undeleted, this value reverts to
1360 # `serviceAccount:{emailid}` and the undeleted service account retains the
1361 # role in the binding.
1362 #
1363 # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
1364 # identifier) representing a Google group that has been recently
1365 # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
1366 # the group is recovered, this value reverts to `group:{emailid}` and the
1367 # recovered group retains the role in the binding.
1368 #
1369 #
1370 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1371 # users of that domain. For example, `google.com` or `example.com`.
1372 #
1373 &quot;A String&quot;,
1374 ],
1375 },
1376 ],
1377 &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
1378 # prevent simultaneous updates of a policy from overwriting each other.
1379 # It is strongly suggested that systems make use of the `etag` in the
1380 # read-modify-write cycle to perform policy updates in order to avoid race
1381 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1382 # systems are expected to put that etag in the request to `setIamPolicy` to
1383 # ensure that their change will be applied to the same version of the policy.
1384 #
1385 # **Important:** If you use IAM Conditions, you must include the `etag` field
1386 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1387 # you to overwrite a version `3` policy with a version `1` policy, and all of
1388 # the conditions in the version `3` policy are lost.
Bu Sun Kim65020912020-05-20 12:08:20 -07001389 &quot;version&quot;: 42, # Specifies the format of the policy.
1390 #
1391 # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1392 # are rejected.
1393 #
1394 # Any operation that affects conditional role bindings must specify version
1395 # `3`. This requirement applies to the following operations:
1396 #
1397 # * Getting a policy that includes a conditional role binding
1398 # * Adding a conditional role binding to a policy
1399 # * Changing a conditional role binding in a policy
1400 # * Removing any role binding, with or without a condition, from a policy
1401 # that includes conditions
1402 #
1403 # **Important:** If you use IAM Conditions, you must include the `etag` field
1404 # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1405 # you to overwrite a version `3` policy with a version `1` policy, and all of
1406 # the conditions in the version `3` policy are lost.
1407 #
1408 # If a policy does not include any conditions, operations on that policy may
1409 # specify any valid version or leave the field unset.
1410 #
1411 # To learn which resources support conditions in their IAM policies, see the
1412 # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1413 &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
1414 { # Specifies the audit configuration for a service.
1415 # The configuration determines which permission types are logged, and what
1416 # identities, if any, are exempted from logging.
1417 # An AuditConfig must have one or more AuditLogConfigs.
1418 #
1419 # If there are AuditConfigs for both `allServices` and a specific service,
1420 # the union of the two AuditConfigs is used for that service: the log_types
1421 # specified in each AuditConfig are enabled, and the exempted_members in each
1422 # AuditLogConfig are exempted.
1423 #
1424 # Example Policy with multiple AuditConfigs:
1425 #
1426 # {
1427 # &quot;audit_configs&quot;: [
1428 # {
1429 # &quot;service&quot;: &quot;allServices&quot;
1430 # &quot;audit_log_configs&quot;: [
1431 # {
1432 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1433 # &quot;exempted_members&quot;: [
1434 # &quot;user:jose@example.com&quot;
1435 # ]
1436 # },
1437 # {
1438 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1439 # },
1440 # {
1441 # &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
1442 # }
1443 # ]
1444 # },
1445 # {
1446 # &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
1447 # &quot;audit_log_configs&quot;: [
1448 # {
1449 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1450 # },
1451 # {
1452 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1453 # &quot;exempted_members&quot;: [
1454 # &quot;user:aliya@example.com&quot;
1455 # ]
1456 # }
1457 # ]
1458 # }
1459 # ]
1460 # }
1461 #
1462 # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1463 # logging. It also exempts jose@example.com from DATA_READ logging, and
1464 # aliya@example.com from DATA_WRITE logging.
Bu Sun Kim65020912020-05-20 12:08:20 -07001465 &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
1466 { # Provides the configuration for logging a type of permissions.
1467 # Example:
1468 #
1469 # {
1470 # &quot;audit_log_configs&quot;: [
1471 # {
1472 # &quot;log_type&quot;: &quot;DATA_READ&quot;,
1473 # &quot;exempted_members&quot;: [
1474 # &quot;user:jose@example.com&quot;
1475 # ]
1476 # },
1477 # {
1478 # &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
1479 # }
1480 # ]
1481 # }
1482 #
1483 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
1484 # jose@example.com from DATA_READ logging.
Bu Sun Kim65020912020-05-20 12:08:20 -07001485 &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
1486 # permission.
1487 # Follows the same format of Binding.members.
1488 &quot;A String&quot;,
1489 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001490 &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
Bu Sun Kim65020912020-05-20 12:08:20 -07001491 },
1492 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -07001493 &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
1494 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1495 # `allServices` is a special value that covers all services.
Bu Sun Kim65020912020-05-20 12:08:20 -07001496 },
1497 ],
Bu Sun Kim65020912020-05-20 12:08:20 -07001498 }</pre>
1499</div>
1500
1501<div class="method">
1502 <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
1503 <pre>Returns permissions that a caller has on the specified resource.
1504If the resource does not exist, this will return an empty set of
1505permissions, not a `NOT_FOUND` error.
1506
1507Note: This operation is designed to be used for building permission-aware
1508UIs and command-line tools, not for authorization checking. This operation
1509may &quot;fail open&quot; without warning.
1510
1511Args:
1512 resource: string, REQUIRED: The resource for which the policy detail is being requested.
1513See the operation documentation for the appropriate value for this field. (required)
1514 body: object, The request body.
1515 The object takes the form of:
1516
1517{ # Request message for `TestIamPermissions` method.
1518 &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
1519 # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
1520 # information see
1521 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
1522 &quot;A String&quot;,
1523 ],
1524 }
1525
1526 x__xgafv: string, V1 error format.
1527 Allowed values
1528 1 - v1 error format
1529 2 - v2 error format
1530
1531Returns:
1532 An object of the form:
1533
1534 { # Response message for `TestIamPermissions` method.
1535 &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
1536 # allowed.
1537 &quot;A String&quot;,
1538 ],
1539 }</pre>
1540</div>
1541
1542</body></html>