Blame - docs/dyn/accesscontextmanager_v1.accessPolicies.accessLevels.html - platform/external/python/google-api-python-client

2020-05-01 07:42:23 -0700

[diff] [blame]

78

<code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

79

<p class="firstline">Create an Access Level. The longrunning</p>

80

81

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

82

<p class="firstline">Delete an Access Level by resource</p>

83

84

<code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>

85

<p class="firstline">Get an Access Level by resource</p>

86

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

87

<code><a href="#list">list(parent, pageSize=None, pageToken=None, accessLevelFormat=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

88

<p class="firstline">List all Access Levels for an access</p>

89

90

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

91

<p class="firstline">Retrieves the next page of results.</p>

92

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

93

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

94

<p class="firstline">Update an Access Level. The longrunning</p>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

95

96

<code><a href="#replaceAll">replaceAll(parent, body=None, x__xgafv=None)</a></code></p>

97

<p class="firstline">Replace all existing Access Levels in an Access</p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

98

<h3>Method Details</h3>

99

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

100

<code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

101

<pre>Create an Access Level. The longrunning

102

operation from this RPC will have a successful status once the Access

103

Level has

104

propagated to long-lasting storage. Access Levels containing

105

errors will result in an error response for the first error encountered.

106

107

Args:

108

parent: string, Required. Resource name for the access policy which owns this Access

109

Level.

110

111

Format: `accessPolicies/{policy_id}` (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

112

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

113

The object takes the form of:

114

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

115

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

116

# services, along with a list of requirements necessary for the label to be

117

# applied.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

118

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

119

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

120

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

121

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

122

# AND over its fields. So a Condition is true if: 1) the request IP is from one

123

# of the listed subnetworks AND 2) the originating device complies with the

124

# listed device policy AND 3) all listed access levels are granted AND 4) the

125

# request was sent at a time allowed by the DateTimeRestriction.

126

"regions": [ # The request must originate from one of the provided countries/regions.

127

# Must be valid ISO 3166-1 alpha-2 codes.

128

"A String",

129

],

130

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

131

# resource name. Referencing an `AccessLevel` which does not exist is an

132

# error. All access levels listed must be granted for the Condition

133

# to be true. Example:

134

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

135

"A String",

136

],

137

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

138

# Condition to be true. If not specified, all devices are allowed.

139

# given access level. A `DevicePolicy` specifies requirements for requests from

140

# devices to be granted access levels, it does not do any enforcement on the

141

# device. `DevicePolicy` acts as an AND over all specified fields, and each

142

# repeated field is an OR over its elements. Any unset fields are ignored. For

143

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

144

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

145

# true for requests originating from encrypted Linux desktops and encrypted

146

# Windows desktops.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

147

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

148

"A String",

149

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

150

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

151

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

152

# Defaults to `false`.

153

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

154

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

155

{ # A restriction on the OS type and version of devices making requests.

156

"osType": "A String", # Required. The allowed OS type.

157

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

158

# Verifications includes requirements that the device is enterprise-managed,

159

# conformant to domain policies, and the caller has permission to call

160

# the API targeted by the request.

161

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

162

# satisfies the constraint. Format: `"major.minor.patch"`.

163

# Examples: `"10.5.301"`, `"9.2.1"`.

164

},

165

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

166

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

167

# levels.

168

"A String",

169

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

170

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

171

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

172

# a CIDR IP address block, the specified IP address portion must be properly

173

# truncated (i.e. all the host bits must be zero) or the input is considered

174

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

175

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

176

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

177

# the listed subnets in order for this Condition to be true. If empty, all IP

178

# addresses are allowed.

179

"A String",

180

],

181

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

182

# its non-empty fields, each field must be false for the Condition overall to

183

# be satisfied. Defaults to false.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

184

"members": [ # The request must be made by one of the provided user or service

185

# accounts. Groups are not supported.

186

# Syntax:

187

# `user:{emailid}`

188

# `serviceAccount:{emailid}`

189

# If not specified, a request may come from any user.

190

"A String",

191

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

192

},

193

],

194

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

195

# granted this `AccessLevel`. If AND is used, each `Condition` in

196

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

197

# is used, at least one `Condition` in `conditions` must be satisfied for the

198

# `AccessLevel` to be applied. Default behavior is AND.

199

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

200

"title": "A String", # Human readable title. Must be unique within the Policy.

201

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

202

# must begin with a letter and only include alphanumeric and '_'. Format:

203

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

204

# of the `short_name` component is 50 characters.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

205

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

206

# to represent the necessary conditions for the level to apply to a request.

207

# See CEL spec at: https://github.com/google/cel-spec

208

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

209

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

210

# are documented at https://github.com/google/cel-spec.

211

#

212

# Example (Comparison):

213

#

214

# title: "Summary size limit"

215

# description: "Determines if a summary is less than 100 chars"

216

# expression: "document.summary.size() < 100"

217

#

218

# Example (Equality):

219

#

220

# title: "Requestor is owner"

221

# description: "Determines if requestor is the document owner"

222

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

227

# description: "Determine whether the document should be publicly visible"

228

# expression: "document.type != 'private' && document.type != 'internal'"

229

#

230

# Example (Data Manipulation):

231

#

232

# title: "Notification string"

233

# description: "Create a notification string with a timestamp."

234

# expression: "'New message received at ' + string(document.create_time)"

235

#

236

# The exact variables and functions that may be referenced within an expression

237

# are determined by the service that evaluates it. See the service

238

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

239

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

240

# its purpose. This can be used e.g. in UIs which allow to enter the

241

# expression.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

242

"description": "A String", # Optional. Description of the expression. This is a longer text which

243

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

244

"expression": "A String", # Textual representation of an expression in Common Expression Language

245

# syntax.

246

"location": "A String", # Optional. String indicating the location of the expression for error

247

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

248

},

249

},

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

250

}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

251

252

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

259

260

{ # This resource represents a long-running operation that is the result of a

261

# network API call.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

262

"name": "A String", # The server-assigned name, which is only unique within the same service that

263

# originally returns it. If you use the default HTTP mapping, the

264

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

265

"metadata": { # Service-specific metadata associated with the operation. It typically

266

# contains progress information and common metadata such as create time.

267

# Some services might not provide such metadata. Any method that returns a

268

# long-running operation should document the metadata type, if any.

269

"a_key": "", # Properties of the object. Contains field @type with type URL.

270

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

271

"response": { # The normal response of the operation in case of success. If the original

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

272

# method returns no data on success, such as `Delete`, the response is

273

# `google.protobuf.Empty`. If the original method is standard

274

# `Get`/`Create`/`Update`, the response should be the resource. For other

275

# methods, the response should have the type `XxxResponse`, where `Xxx`

276

# is the original method name. For example, if the original method name

277

# is `TakeSnapshot()`, the inferred response type is

278

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

279

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

280

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

281

"done": True or False, # If the value is `false`, it means the operation is still in progress.

282

# If `true`, the operation is completed, and either `error` or `response` is

283

# available.

284

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

285

# different programming environments, including REST APIs and RPC APIs. It is

286

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

287

# three pieces of data: error code, error message, and error details.

288

#

289

# You can find out more about this error model and how to work with it in the

290

# [API Design Guide](https://cloud.google.com/apis/design/errors).

291

"details": [ # A list of messages that carry the error details. There is a common set of

292

# message types for APIs to use.

293

{

294

"a_key": "", # Properties of the object. Contains field @type with type URL.

295

},

296

],

297

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

298

"message": "A String", # A developer-facing error message, which should be in English. Any

299

# user-facing error message should be localized and sent in the

300

# google.rpc.Status.details field, or localized by the client.

301

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

307

<pre>Delete an Access Level by resource

308

name. The longrunning operation from this RPC will have a successful status

309

once the Access Level has been removed

310

from long-lasting storage.

311

312

Args:

313

name: string, Required. Resource name for the Access Level.

314

315

Format:

316

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

317

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

324

325

{ # This resource represents a long-running operation that is the result of a

326

# network API call.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

327

"name": "A String", # The server-assigned name, which is only unique within the same service that

328

# originally returns it. If you use the default HTTP mapping, the

329

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

330

"metadata": { # Service-specific metadata associated with the operation. It typically

331

# contains progress information and common metadata such as create time.

332

# Some services might not provide such metadata. Any method that returns a

333

# long-running operation should document the metadata type, if any.

334

"a_key": "", # Properties of the object. Contains field @type with type URL.

335

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

336

"response": { # The normal response of the operation in case of success. If the original

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

337

# method returns no data on success, such as `Delete`, the response is

338

# `google.protobuf.Empty`. If the original method is standard

339

# `Get`/`Create`/`Update`, the response should be the resource. For other

340

# methods, the response should have the type `XxxResponse`, where `Xxx`

341

# is the original method name. For example, if the original method name

342

# is `TakeSnapshot()`, the inferred response type is

343

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

344

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

345

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

346

"done": True or False, # If the value is `false`, it means the operation is still in progress.

347

# If `true`, the operation is completed, and either `error` or `response` is

348

# available.

349

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

350

# different programming environments, including REST APIs and RPC APIs. It is

351

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

352

# three pieces of data: error code, error message, and error details.

353

#

354

# You can find out more about this error model and how to work with it in the

355

# [API Design Guide](https://cloud.google.com/apis/design/errors).

356

"details": [ # A list of messages that carry the error details. There is a common set of

357

# message types for APIs to use.

358

{

359

"a_key": "", # Properties of the object. Contains field @type with type URL.

360

},

361

],

362

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

363

"message": "A String", # A developer-facing error message, which should be in English. Any

364

# user-facing error message should be localized and sent in the

365

# google.rpc.Status.details field, or localized by the client.

366

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>

372

<pre>Get an Access Level by resource

name.

Args:

name: string, Required. Resource name for the Access Level.

377

378

Format:

379

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

380

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression

381

Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where

382

Access Levels

383

are returned as `BasicLevels` or `CustomLevels` based on how they were

384

created. If set to CEL, all Access Levels are returned as

385

`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent

386

`CustomLevels`.

387

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

394

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

395

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

396

# services, along with a list of requirements necessary for the label to be

397

# applied.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

398

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

399

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

400

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

401

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

402

# AND over its fields. So a Condition is true if: 1) the request IP is from one

403

# of the listed subnetworks AND 2) the originating device complies with the

404

# listed device policy AND 3) all listed access levels are granted AND 4) the

405

# request was sent at a time allowed by the DateTimeRestriction.

406

"regions": [ # The request must originate from one of the provided countries/regions.

407

# Must be valid ISO 3166-1 alpha-2 codes.

408

"A String",

409

],

410

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

411

# resource name. Referencing an `AccessLevel` which does not exist is an

412

# error. All access levels listed must be granted for the Condition

413

# to be true. Example:

414

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

415

"A String",

416

],

417

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

418

# Condition to be true. If not specified, all devices are allowed.

419

# given access level. A `DevicePolicy` specifies requirements for requests from

420

# devices to be granted access levels, it does not do any enforcement on the

421

# device. `DevicePolicy` acts as an AND over all specified fields, and each

422

# repeated field is an OR over its elements. Any unset fields are ignored. For

423

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

424

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

425

# true for requests originating from encrypted Linux desktops and encrypted

426

# Windows desktops.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

427

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

428

"A String",

429

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

430

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

431

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

432

# Defaults to `false`.

433

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

434

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

435

{ # A restriction on the OS type and version of devices making requests.

436

"osType": "A String", # Required. The allowed OS type.

437

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

438

# Verifications includes requirements that the device is enterprise-managed,

439

# conformant to domain policies, and the caller has permission to call

440

# the API targeted by the request.

441

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

442

# satisfies the constraint. Format: `"major.minor.patch"`.

443

# Examples: `"10.5.301"`, `"9.2.1"`.

444

},

445

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

446

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

447

# levels.

448

"A String",

449

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

450

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

451

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

452

# a CIDR IP address block, the specified IP address portion must be properly

453

# truncated (i.e. all the host bits must be zero) or the input is considered

454

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

455

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

456

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

457

# the listed subnets in order for this Condition to be true. If empty, all IP

458

# addresses are allowed.

459

"A String",

460

],

461

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

462

# its non-empty fields, each field must be false for the Condition overall to

463

# be satisfied. Defaults to false.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

464

"members": [ # The request must be made by one of the provided user or service

465

# accounts. Groups are not supported.

466

# Syntax:

467

# `user:{emailid}`

468

# `serviceAccount:{emailid}`

469

# If not specified, a request may come from any user.

470

"A String",

471

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

472

},

473

],

474

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

475

# granted this `AccessLevel`. If AND is used, each `Condition` in

476

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

477

# is used, at least one `Condition` in `conditions` must be satisfied for the

478

# `AccessLevel` to be applied. Default behavior is AND.

479

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

480

"title": "A String", # Human readable title. Must be unique within the Policy.

481

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

482

# must begin with a letter and only include alphanumeric and '_'. Format:

483

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

484

# of the `short_name` component is 50 characters.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

485

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

486

# to represent the necessary conditions for the level to apply to a request.

487

# See CEL spec at: https://github.com/google/cel-spec

488

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

489

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

490

# are documented at https://github.com/google/cel-spec.

491

#

492

# Example (Comparison):

493

#

494

# title: "Summary size limit"

495

# description: "Determines if a summary is less than 100 chars"

496

# expression: "document.summary.size() < 100"

497

#

498

# Example (Equality):

499

#

500

# title: "Requestor is owner"

501

# description: "Determines if requestor is the document owner"

502

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

507

# description: "Determine whether the document should be publicly visible"

508

# expression: "document.type != 'private' && document.type != 'internal'"

509

#

510

# Example (Data Manipulation):

511

#

512

# title: "Notification string"

513

# description: "Create a notification string with a timestamp."

514

# expression: "'New message received at ' + string(document.create_time)"

515

#

516

# The exact variables and functions that may be referenced within an expression

517

# are determined by the service that evaluates it. See the service

518

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

519

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

520

# its purpose. This can be used e.g. in UIs which allow to enter the

521

# expression.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

522

"description": "A String", # Optional. Description of the expression. This is a longer text which

523

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

524

"expression": "A String", # Textual representation of an expression in Common Expression Language

525

# syntax.

526

"location": "A String", # Optional. String indicating the location of the expression for error

527

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

528

},

529

},

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

}</pre>

</div>

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

534

<code class="details" id="list">list(parent, pageSize=None, pageToken=None, accessLevelFormat=None, x__xgafv=None)</code>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

535

<pre>List all Access Levels for an access

policy.

Args:

parent: string, Required. Resource name for the access policy to list Access Levels from.

540

541

Format:

542

`accessPolicies/{policy_id}` (required)

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

543

pageSize: integer, Number of Access Levels to include in

544

the list. Default 100.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

545

pageToken: string, Next page token for the next batch of Access Level instances.

546

Defaults to the first page of results.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

547

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as

548

`CustomLevels`, rather than as `BasicLevels`. Defaults to returning

549

`AccessLevels` in the format they were defined.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

550

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

557

558

{ # A response to `ListAccessLevelsRequest`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

559

"nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

560

# empty, no further results remain.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

561

"accessLevels": [ # List of the Access Level instances.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

562

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

563

# services, along with a list of requirements necessary for the label to be

564

# applied.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

565

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

566

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

567

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

568

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

569

# AND over its fields. So a Condition is true if: 1) the request IP is from one

570

# of the listed subnetworks AND 2) the originating device complies with the

571

# listed device policy AND 3) all listed access levels are granted AND 4) the

572

# request was sent at a time allowed by the DateTimeRestriction.

573

"regions": [ # The request must originate from one of the provided countries/regions.

574

# Must be valid ISO 3166-1 alpha-2 codes.

575

"A String",

576

],

577

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

578

# resource name. Referencing an `AccessLevel` which does not exist is an

579

# error. All access levels listed must be granted for the Condition

580

# to be true. Example:

581

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

582

"A String",

583

],

584

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

585

# Condition to be true. If not specified, all devices are allowed.

586

# given access level. A `DevicePolicy` specifies requirements for requests from

587

# devices to be granted access levels, it does not do any enforcement on the

588

# device. `DevicePolicy` acts as an AND over all specified fields, and each

589

# repeated field is an OR over its elements. Any unset fields are ignored. For

590

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

591

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

592

# true for requests originating from encrypted Linux desktops and encrypted

593

# Windows desktops.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

594

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

595

"A String",

596

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

597

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

598

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

599

# Defaults to `false`.

600

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

601

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

602

{ # A restriction on the OS type and version of devices making requests.

603

"osType": "A String", # Required. The allowed OS type.

604

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

605

# Verifications includes requirements that the device is enterprise-managed,

606

# conformant to domain policies, and the caller has permission to call

607

# the API targeted by the request.

608

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

609

# satisfies the constraint. Format: `"major.minor.patch"`.

610

# Examples: `"10.5.301"`, `"9.2.1"`.

611

},

612

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

613

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

614

# levels.

615

"A String",

616

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

617

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

618

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

619

# a CIDR IP address block, the specified IP address portion must be properly

620

# truncated (i.e. all the host bits must be zero) or the input is considered

621

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

622

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

623

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

624

# the listed subnets in order for this Condition to be true. If empty, all IP

625

# addresses are allowed.

626

"A String",

627

],

628

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

629

# its non-empty fields, each field must be false for the Condition overall to

630

# be satisfied. Defaults to false.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

631

"members": [ # The request must be made by one of the provided user or service

632

# accounts. Groups are not supported.

633

# Syntax:

634

# `user:{emailid}`

635

# `serviceAccount:{emailid}`

636

# If not specified, a request may come from any user.

637

"A String",

638

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

639

},

640

],

641

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

642

# granted this `AccessLevel`. If AND is used, each `Condition` in

643

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

644

# is used, at least one `Condition` in `conditions` must be satisfied for the

645

# `AccessLevel` to be applied. Default behavior is AND.

646

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

647

"title": "A String", # Human readable title. Must be unique within the Policy.

648

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

649

# must begin with a letter and only include alphanumeric and '_'. Format:

650

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

651

# of the `short_name` component is 50 characters.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

652

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

653

# to represent the necessary conditions for the level to apply to a request.

654

# See CEL spec at: https://github.com/google/cel-spec

655

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

656

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

657

# are documented at https://github.com/google/cel-spec.

658

#

659

# Example (Comparison):

660

#

661

# title: "Summary size limit"

662

# description: "Determines if a summary is less than 100 chars"

663

# expression: "document.summary.size() < 100"

664

#

665

# Example (Equality):

666

#

667

# title: "Requestor is owner"

668

# description: "Determines if requestor is the document owner"

669

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

674

# description: "Determine whether the document should be publicly visible"

675

# expression: "document.type != 'private' && document.type != 'internal'"

676

#

677

# Example (Data Manipulation):

678

#

679

# title: "Notification string"

680

# description: "Create a notification string with a timestamp."

681

# expression: "'New message received at ' + string(document.create_time)"

682

#

683

# The exact variables and functions that may be referenced within an expression

684

# are determined by the service that evaluates it. See the service

685

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

686

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

687

# its purpose. This can be used e.g. in UIs which allow to enter the

688

# expression.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

689

"description": "A String", # Optional. Description of the expression. This is a longer text which

690

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

691

"expression": "A String", # Textual representation of an expression in Common Expression Language

692

# syntax.

693

"location": "A String", # Optional. String indicating the location of the expression for error

694

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

695

},

696

},

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

},

],

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

704

<pre>Retrieves the next page of results.

705

706

Args:

707

previous_request: The request for the previous page. (required)

708

previous_response: The response from the request for the previous page. (required)

709

710

Returns:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

711

A request object that you can call 'execute()' on to request the next

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

712

page. Returns None if there are no more items in the collection.

</pre>

</div>

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

718

<pre>Update an Access Level. The longrunning

719

operation from this RPC will have a successful status once the changes to

720

the Access Level have propagated

721

to long-lasting storage. Access Levels containing

722

errors will result in an error response for the first error encountered.

723

724

Args:

725

name: string, Required. Resource name for the Access Level. The `short_name` component

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

726

must begin with a letter and only include alphanumeric and '_'. Format:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

727

`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

728

of the `short_name` component is 50 characters. (required)

729

body: object, The request body.

730

The object takes the form of:

731

732

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

733

# services, along with a list of requirements necessary for the label to be

734

# applied.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

735

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

736

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

737

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

738

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

739

# AND over its fields. So a Condition is true if: 1) the request IP is from one

740

# of the listed subnetworks AND 2) the originating device complies with the

741

# listed device policy AND 3) all listed access levels are granted AND 4) the

742

# request was sent at a time allowed by the DateTimeRestriction.

743

"regions": [ # The request must originate from one of the provided countries/regions.

744

# Must be valid ISO 3166-1 alpha-2 codes.

745

"A String",

746

],

747

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

748

# resource name. Referencing an `AccessLevel` which does not exist is an

749

# error. All access levels listed must be granted for the Condition

750

# to be true. Example:

751

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

752

"A String",

753

],

754

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

755

# Condition to be true. If not specified, all devices are allowed.

756

# given access level. A `DevicePolicy` specifies requirements for requests from

757

# devices to be granted access levels, it does not do any enforcement on the

758

# device. `DevicePolicy` acts as an AND over all specified fields, and each

759

# repeated field is an OR over its elements. Any unset fields are ignored. For

760

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

761

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

762

# true for requests originating from encrypted Linux desktops and encrypted

763

# Windows desktops.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

764

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

765

"A String",

766

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

767

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

768

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

769

# Defaults to `false`.

770

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

771

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

772

{ # A restriction on the OS type and version of devices making requests.

773

"osType": "A String", # Required. The allowed OS type.

774

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

775

# Verifications includes requirements that the device is enterprise-managed,

776

# conformant to domain policies, and the caller has permission to call

777

# the API targeted by the request.

778

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

779

# satisfies the constraint. Format: `"major.minor.patch"`.

780

# Examples: `"10.5.301"`, `"9.2.1"`.

781

},

782

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

783

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

784

# levels.

785

"A String",

786

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

787

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

788

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

789

# a CIDR IP address block, the specified IP address portion must be properly

790

# truncated (i.e. all the host bits must be zero) or the input is considered

791

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

792

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

793

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

794

# the listed subnets in order for this Condition to be true. If empty, all IP

795

# addresses are allowed.

796

"A String",

797

],

798

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

799

# its non-empty fields, each field must be false for the Condition overall to

800

# be satisfied. Defaults to false.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

801

"members": [ # The request must be made by one of the provided user or service

802

# accounts. Groups are not supported.

803

# Syntax:

804

# `user:{emailid}`

805

# `serviceAccount:{emailid}`

806

# If not specified, a request may come from any user.

807

"A String",

808

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

809

},

810

],

811

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

812

# granted this `AccessLevel`. If AND is used, each `Condition` in

813

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

814

# is used, at least one `Condition` in `conditions` must be satisfied for the

815

# `AccessLevel` to be applied. Default behavior is AND.

816

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

817

"title": "A String", # Human readable title. Must be unique within the Policy.

818

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

819

# must begin with a letter and only include alphanumeric and '_'. Format:

820

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

821

# of the `short_name` component is 50 characters.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

822

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

823

# to represent the necessary conditions for the level to apply to a request.

824

# See CEL spec at: https://github.com/google/cel-spec

825

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

826

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

827

# are documented at https://github.com/google/cel-spec.

828

#

829

# Example (Comparison):

830

#

831

# title: "Summary size limit"

832

# description: "Determines if a summary is less than 100 chars"

833

# expression: "document.summary.size() < 100"

834

#

835

# Example (Equality):

836

#

837

# title: "Requestor is owner"

838

# description: "Determines if requestor is the document owner"

839

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

844

# description: "Determine whether the document should be publicly visible"

845

# expression: "document.type != 'private' && document.type != 'internal'"

846

#

847

# Example (Data Manipulation):

848

#

849

# title: "Notification string"

850

# description: "Create a notification string with a timestamp."

851

# expression: "'New message received at ' + string(document.create_time)"

852

#

853

# The exact variables and functions that may be referenced within an expression

854

# are determined by the service that evaluates it. See the service

855

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

856

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

857

# its purpose. This can be used e.g. in UIs which allow to enter the

858

# expression.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

859

"description": "A String", # Optional. Description of the expression. This is a longer text which

860

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

861

"expression": "A String", # Textual representation of an expression in Common Expression Language

862

# syntax.

863

"location": "A String", # Optional. String indicating the location of the expression for error

864

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

865

},

866

},

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

867

}

868

869

updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.

870

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

877

878

{ # This resource represents a long-running operation that is the result of a

879

# network API call.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

880

"name": "A String", # The server-assigned name, which is only unique within the same service that

881

# originally returns it. If you use the default HTTP mapping, the

882

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

883

"metadata": { # Service-specific metadata associated with the operation. It typically

884

# contains progress information and common metadata such as create time.

885

# Some services might not provide such metadata. Any method that returns a

886

# long-running operation should document the metadata type, if any.

887

"a_key": "", # Properties of the object. Contains field @type with type URL.

888

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

889

"response": { # The normal response of the operation in case of success. If the original

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

890

# method returns no data on success, such as `Delete`, the response is

891

# `google.protobuf.Empty`. If the original method is standard

892

# `Get`/`Create`/`Update`, the response should be the resource. For other

893

# methods, the response should have the type `XxxResponse`, where `Xxx`

894

# is the original method name. For example, if the original method name

895

# is `TakeSnapshot()`, the inferred response type is

896

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

897

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

898

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

899

"done": True or False, # If the value is `false`, it means the operation is still in progress.

900

# If `true`, the operation is completed, and either `error` or `response` is

901

# available.

902

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

903

# different programming environments, including REST APIs and RPC APIs. It is

904

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

905

# three pieces of data: error code, error message, and error details.

906

#

907

# You can find out more about this error model and how to work with it in the

908

# [API Design Guide](https://cloud.google.com/apis/design/errors).

909

"details": [ # A list of messages that carry the error details. There is a common set of

910

# message types for APIs to use.

911

{

912

"a_key": "", # Properties of the object. Contains field @type with type URL.

913

},

914

],

915

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

916

"message": "A String", # A developer-facing error message, which should be in English. Any

917

# user-facing error message should be localized and sent in the

918

# google.rpc.Status.details field, or localized by the client.

919

},

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="replaceAll">replaceAll(parent, body=None, x__xgafv=None)</code>

925

<pre>Replace all existing Access Levels in an Access

926

Policy with

927

the Access Levels provided. This

928

is done atomically. The longrunning operation from this RPC will have a

929

successful status once all replacements have propagated to long-lasting

930

storage. Replacements containing errors will result in an error response

931

for the first error encountered. Replacement will be cancelled on error,

932

existing Access Levels will not be

933

affected. Operation.response field will contain

934

ReplaceAccessLevelsResponse. Removing Access Levels contained in existing

935

Service Perimeters will result in

error.

Args:

parent: string, Required. Resource name for the access policy which owns these

940

Access Levels.

941

942

Format: `accessPolicies/{policy_id}` (required)

943

body: object, The request body.

944

The object takes the form of:

945

946

{ # A request to replace all existing Access Levels in an Access Policy with

947

# the Access Levels provided. This is done atomically.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

948

"accessLevels": [ # Required. The desired Access Levels that should

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

949

# replace all existing Access Levels in the

950

# Access Policy.

951

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

952

# services, along with a list of requirements necessary for the label to be

953

# applied.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

954

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

955

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

956

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

957

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

958

# AND over its fields. So a Condition is true if: 1) the request IP is from one

959

# of the listed subnetworks AND 2) the originating device complies with the

960

# listed device policy AND 3) all listed access levels are granted AND 4) the

961

# request was sent at a time allowed by the DateTimeRestriction.

962

"regions": [ # The request must originate from one of the provided countries/regions.

963

# Must be valid ISO 3166-1 alpha-2 codes.

964

"A String",

965

],

966

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

967

# resource name. Referencing an `AccessLevel` which does not exist is an

968

# error. All access levels listed must be granted for the Condition

969

# to be true. Example:

970

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

971

"A String",

972

],

973

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

974

# Condition to be true. If not specified, all devices are allowed.

975

# given access level. A `DevicePolicy` specifies requirements for requests from

976

# devices to be granted access levels, it does not do any enforcement on the

977

# device. `DevicePolicy` acts as an AND over all specified fields, and each

978

# repeated field is an OR over its elements. Any unset fields are ignored. For

979

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

980

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

981

# true for requests originating from encrypted Linux desktops and encrypted

982

# Windows desktops.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

983

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

984

"A String",

985

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

986

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

987

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

988

# Defaults to `false`.

989

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

990

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

991

{ # A restriction on the OS type and version of devices making requests.

992

"osType": "A String", # Required. The allowed OS type.

993

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

994

# Verifications includes requirements that the device is enterprise-managed,

995

# conformant to domain policies, and the caller has permission to call

996

# the API targeted by the request.

997

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

998

# satisfies the constraint. Format: `"major.minor.patch"`.

999

# Examples: `"10.5.301"`, `"9.2.1"`.

1000

},

1001

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

1002

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

1003

# levels.

1004

"A String",

1005

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1006

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1007

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

1008

# a CIDR IP address block, the specified IP address portion must be properly

1009

# truncated (i.e. all the host bits must be zero) or the input is considered

1010

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

1011

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

1012

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

1013

# the listed subnets in order for this Condition to be true. If empty, all IP

1014

# addresses are allowed.

1015

"A String",

1016

],

1017

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

1018

# its non-empty fields, each field must be false for the Condition overall to

1019

# be satisfied. Defaults to false.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

1020

"members": [ # The request must be made by one of the provided user or service

1021

# accounts. Groups are not supported.

1022

# Syntax:

1023

# `user:{emailid}`

1024

# `serviceAccount:{emailid}`

1025

# If not specified, a request may come from any user.

1026

"A String",

1027

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1028

},

1029

],

1030

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

1031

# granted this `AccessLevel`. If AND is used, each `Condition` in

1032

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

1033

# is used, at least one `Condition` in `conditions` must be satisfied for the

1034

# `AccessLevel` to be applied. Default behavior is AND.

1035

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

1036

"title": "A String", # Human readable title. Must be unique within the Policy.

1037

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

1038

# must begin with a letter and only include alphanumeric and '_'. Format:

1039

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

1040

# of the `short_name` component is 50 characters.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1041

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

1042

# to represent the necessary conditions for the level to apply to a request.

1043

# See CEL spec at: https://github.com/google/cel-spec

1044

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

1045

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1046

# are documented at https://github.com/google/cel-spec.

1047

#

1048

# Example (Comparison):

1049

#

1050

# title: "Summary size limit"

1051

# description: "Determines if a summary is less than 100 chars"

1052

# expression: "document.summary.size() < 100"

1053

#

1054

# Example (Equality):

1055

#

1056

# title: "Requestor is owner"

1057

# description: "Determines if requestor is the document owner"

1058

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1063

# description: "Determine whether the document should be publicly visible"

1064

# expression: "document.type != 'private' && document.type != 'internal'"

1065

#

1066

# Example (Data Manipulation):

1067

#

1068

# title: "Notification string"

1069

# description: "Create a notification string with a timestamp."

1070

# expression: "'New message received at ' + string(document.create_time)"

1071

#

1072

# The exact variables and functions that may be referenced within an expression

1073

# are determined by the service that evaluates it. See the service

1074

# documentation for additional information.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1075

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1076

# its purpose. This can be used e.g. in UIs which allow to enter the

1077

# expression.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1078

"description": "A String", # Optional. Description of the expression. This is a longer text which

1079

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

1080

"expression": "A String", # Textual representation of an expression in Common Expression Language

1081

# syntax.

1082

"location": "A String", # Optional. String indicating the location of the expression for error

1083

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1084

},

1085

},

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

1086

},

1087

],

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1088

"etag": "A String", # Optional. The etag for the version of the Access Policy that this

1089

# replace operation is to be performed on. If, at the time of replace, the

1090

# etag for the Access Policy stored in Access Context Manager is different

1091

# from the specified etag, then the replace operation will not be performed

1092

# and the call will fail. This field is not required. If etag is not

1093

# provided, the operation will be performed as if a valid etag is provided.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1094

}

1095

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1096

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1103

1104

{ # This resource represents a long-running operation that is the result of a

1105

# network API call.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1106

"name": "A String", # The server-assigned name, which is only unique within the same service that

1107

# originally returns it. If you use the default HTTP mapping, the

1108

# `name` should be a resource name ending with `operations/{unique_id}`.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

1109

"metadata": { # Service-specific metadata associated with the operation. It typically

1110

# contains progress information and common metadata such as create time.

1111

# Some services might not provide such metadata. Any method that returns a

1112

# long-running operation should document the metadata type, if any.

1113

"a_key": "", # Properties of the object. Contains field @type with type URL.

1114

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1115

"response": { # The normal response of the operation in case of success. If the original

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1116

# method returns no data on success, such as `Delete`, the response is

1117

# `google.protobuf.Empty`. If the original method is standard

1118

# `Get`/`Create`/`Update`, the response should be the resource. For other

1119

# methods, the response should have the type `XxxResponse`, where `Xxx`

1120

# is the original method name. For example, if the original method name

1121

# is `TakeSnapshot()`, the inferred response type is

1122

# `TakeSnapshotResponse`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

1123

"a_key": "", # Properties of the object. Contains field @type with type URL.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

1124

},

Bu Sun Kim