Blame - docs/dyn/accesscontextmanager_v1beta.accessPolicies.accessLevels.html - platform/external/python/google-api-python-client

2020-05-01 07:42:23 -0700

[diff] [blame]

78

<code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

79

<p class="firstline">Create an Access Level. The longrunning</p>

80

81

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

82

<p class="firstline">Delete an Access Level by resource</p>

83

84

<code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p>

85

<p class="firstline">Get an Access Level by resource</p>

86

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

87

<code><a href="#list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

88

<p class="firstline">List all Access Levels for an access</p>

89

90

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

91

<p class="firstline">Retrieves the next page of results.</p>

92

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

93

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

94

<p class="firstline">Update an Access Level. The longrunning</p>

95

<h3>Method Details</h3>

96

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

97

<code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

98

<pre>Create an Access Level. The longrunning

99

operation from this RPC will have a successful status once the Access

100

Level has

101

propagated to long-lasting storage. Access Levels containing

102

errors will result in an error response for the first error encountered.

103

104

Args:

105

parent: string, Required. Resource name for the access policy which owns this Access

106

Level.

107

108

Format: `accessPolicies/{policy_id}` (required)

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

109

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

110

The object takes the form of:

111

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

112

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

113

# services, along with a list of requirements necessary for the label to be

114

# applied.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

115

"title": "A String", # Human readable title. Must be unique within the Policy.

116

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

117

# must begin with a letter and only include alphanumeric and '_'. Format:

118

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

119

# // of the `short_name` component is 50 characters.

120

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

121

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

122

# granted this `AccessLevel`. If AND is used, each `Condition` in

123

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

124

# is used, at least one `Condition` in `conditions` must be satisfied for the

125

# `AccessLevel` to be applied. Default behavior is AND.

126

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

127

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

128

# AND over its fields. So a Condition is true if: 1) the request IP is from one

129

# of the listed subnetworks AND 2) the originating device complies with the

130

# listed device policy AND 3) all listed access levels are granted AND 4) the

131

# request was sent at a time allowed by the DateTimeRestriction.

132

"regions": [ # The request must originate from one of the provided countries/regions.

133

# Must be valid ISO 3166-1 alpha-2 codes.

134

"A String",

135

],

136

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

137

# a CIDR IP address block, the specified IP address portion must be properly

138

# truncated (i.e. all the host bits must be zero) or the input is considered

139

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

140

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

141

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

142

# the listed subnets in order for this Condition to be true. If empty, all IP

143

# addresses are allowed.

144

"A String",

145

],

146

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

147

# Condition to be true. If not specified, all devices are allowed.

148

# given access level. A `DevicePolicy` specifies requirements for requests from

149

# devices to be granted access levels, it does not do any enforcement on the

150

# device. `DevicePolicy` acts as an AND over all specified fields, and each

151

# repeated field is an OR over its elements. Any unset fields are ignored. For

152

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

153

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

154

# true for requests originating from encrypted Linux desktops and encrypted

155

# Windows desktops.

156

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

157

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

158

"A String",

159

],

160

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

165

{ # A restriction on the OS type and version of devices making requests.

166

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

167

# satisfies the constraint. Format: `"major.minor.patch"`.

168

# Examples: `"10.5.301"`, `"9.2.1"`.

169

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

170

# Verifications includes requirements that the device is enterprise-managed,

171

# conformant to domain policies, and the caller has permission to call

172

# the API targeted by the request.

173

"osType": "A String", # Required. The allowed OS type.

174

},

175

],

176

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

177

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

178

# Defaults to `false`.

179

},

180

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

181

# resource name. Referencing an `AccessLevel` which does not exist is an

182

# error. All access levels listed must be granted for the Condition

183

# to be true. Example:

184

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

185

"A String",

186

],

187

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

188

# its non-empty fields, each field must be false for the Condition overall to

189

# be satisfied. Defaults to false.

190

"members": [ # The request must be made by one of the provided user or service

191

# accounts. Groups are not supported.

192

# Syntax:

193

# `user:{emailid}`

194

# `serviceAccount:{emailid}`

195

# If not specified, a request may come from any user.

"A String",

],

},

],

},

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

202

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

203

# to represent the necessary conditions for the level to apply to a request.

204

# See CEL spec at: https://github.com/google/cel-spec

205

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

206

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

207

# are documented at https://github.com/google/cel-spec.

208

#

209

# Example (Comparison):

210

#

211

# title: "Summary size limit"

212

# description: "Determines if a summary is less than 100 chars"

213

# expression: "document.summary.size() < 100"

214

#

215

# Example (Equality):

216

#

217

# title: "Requestor is owner"

218

# description: "Determines if requestor is the document owner"

219

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

224

# description: "Determine whether the document should be publicly visible"

225

# expression: "document.type != 'private' && document.type != 'internal'"

226

#

227

# Example (Data Manipulation):

228

#

229

# title: "Notification string"

230

# description: "Create a notification string with a timestamp."

231

# expression: "'New message received at ' + string(document.create_time)"

232

#

233

# The exact variables and functions that may be referenced within an expression

234

# are determined by the service that evaluates it. See the service

235

# documentation for additional information.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

236

"description": "A String", # Optional. Description of the expression. This is a longer text which

237

# describes the expression, e.g. when hovered over it in a UI.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

238

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

239

# its purpose. This can be used e.g. in UIs which allow to enter the

240

# expression.

241

"location": "A String", # Optional. String indicating the location of the expression for error

242

# reporting, e.g. a file name and a position in the file.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

243

"expression": "A String", # Textual representation of an expression in Common Expression Language

244

# syntax.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

245

},

246

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

247

}

248

249

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

256

257

{ # This resource represents a long-running operation that is the result of a

258

# network API call.

259

"metadata": { # Service-specific metadata associated with the operation. It typically

260

# contains progress information and common metadata such as create time.

261

# Some services might not provide such metadata. Any method that returns a

262

# long-running operation should document the metadata type, if any.

263

"a_key": "", # Properties of the object. Contains field @type with type URL.

264

},

265

"response": { # The normal response of the operation in case of success. If the original

266

# method returns no data on success, such as `Delete`, the response is

267

# `google.protobuf.Empty`. If the original method is standard

268

# `Get`/`Create`/`Update`, the response should be the resource. For other

269

# methods, the response should have the type `XxxResponse`, where `Xxx`

270

# is the original method name. For example, if the original method name

271

# is `TakeSnapshot()`, the inferred response type is

272

# `TakeSnapshotResponse`.

273

"a_key": "", # Properties of the object. Contains field @type with type URL.

274

},

275

"name": "A String", # The server-assigned name, which is only unique within the same service that

276

# originally returns it. If you use the default HTTP mapping, the

277

# `name` should be a resource name ending with `operations/{unique_id}`.

278

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

279

# different programming environments, including REST APIs and RPC APIs. It is

280

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

281

# three pieces of data: error code, error message, and error details.

282

#

283

# You can find out more about this error model and how to work with it in the

284

# [API Design Guide](https://cloud.google.com/apis/design/errors).

285

"message": "A String", # A developer-facing error message, which should be in English. Any

286

# user-facing error message should be localized and sent in the

287

# google.rpc.Status.details field, or localized by the client.

288

"details": [ # A list of messages that carry the error details. There is a common set of

289

# message types for APIs to use.

290

{

291

"a_key": "", # Properties of the object. Contains field @type with type URL.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

292

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

293

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

294

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

295

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

296

"done": True or False, # If the value is `false`, it means the operation is still in progress.

297

# If `true`, the operation is completed, and either `error` or `response` is

298

# available.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

299

}</pre>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

</div>

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

303

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

304

<pre>Delete an Access Level by resource

305

name. The longrunning operation from this RPC will have a successful status

306

once the Access Level has been removed

307

from long-lasting storage.

308

309

Args:

310

name: string, Required. Resource name for the Access Level.

311

312

Format:

313

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

314

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

321

322

{ # This resource represents a long-running operation that is the result of a

323

# network API call.

324

"metadata": { # Service-specific metadata associated with the operation. It typically

325

# contains progress information and common metadata such as create time.

326

# Some services might not provide such metadata. Any method that returns a

327

# long-running operation should document the metadata type, if any.

328

"a_key": "", # Properties of the object. Contains field @type with type URL.

329

},

330

"response": { # The normal response of the operation in case of success. If the original

331

# method returns no data on success, such as `Delete`, the response is

332

# `google.protobuf.Empty`. If the original method is standard

333

# `Get`/`Create`/`Update`, the response should be the resource. For other

334

# methods, the response should have the type `XxxResponse`, where `Xxx`

335

# is the original method name. For example, if the original method name

336

# is `TakeSnapshot()`, the inferred response type is

337

# `TakeSnapshotResponse`.

338

"a_key": "", # Properties of the object. Contains field @type with type URL.

339

},

340

"name": "A String", # The server-assigned name, which is only unique within the same service that

341

# originally returns it. If you use the default HTTP mapping, the

342

# `name` should be a resource name ending with `operations/{unique_id}`.

343

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

344

# different programming environments, including REST APIs and RPC APIs. It is

345

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

346

# three pieces of data: error code, error message, and error details.

347

#

348

# You can find out more about this error model and how to work with it in the

349

# [API Design Guide](https://cloud.google.com/apis/design/errors).

350

"message": "A String", # A developer-facing error message, which should be in English. Any

351

# user-facing error message should be localized and sent in the

352

# google.rpc.Status.details field, or localized by the client.

353

"details": [ # A list of messages that carry the error details. There is a common set of

354

# message types for APIs to use.

355

{

356

"a_key": "", # Properties of the object. Contains field @type with type URL.

357

},

358

],

359

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

360

},

361

"done": True or False, # If the value is `false`, it means the operation is still in progress.

362

# If `true`, the operation is completed, and either `error` or `response` is

# available.

}</pre>

</div>

<code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code>

369

<pre>Get an Access Level by resource

name.

Args:

name: string, Required. Resource name for the Access Level.

374

375

Format:

376

`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required)

377

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression

378

Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where

379

Access Levels

380

are returned as `BasicLevels` or `CustomLevels` based on how they were

381

created. If set to CEL, all Access Levels are returned as

382

`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent

383

`CustomLevels`.

384

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

391

392

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

393

# services, along with a list of requirements necessary for the label to be

394

# applied.

395

"title": "A String", # Human readable title. Must be unique within the Policy.

396

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

397

# must begin with a letter and only include alphanumeric and '_'. Format:

398

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

399

# // of the `short_name` component is 50 characters.

400

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

401

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

402

# granted this `AccessLevel`. If AND is used, each `Condition` in

403

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

404

# is used, at least one `Condition` in `conditions` must be satisfied for the

405

# `AccessLevel` to be applied. Default behavior is AND.

406

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

407

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

408

# AND over its fields. So a Condition is true if: 1) the request IP is from one

409

# of the listed subnetworks AND 2) the originating device complies with the

410

# listed device policy AND 3) all listed access levels are granted AND 4) the

411

# request was sent at a time allowed by the DateTimeRestriction.

412

"regions": [ # The request must originate from one of the provided countries/regions.

413

# Must be valid ISO 3166-1 alpha-2 codes.

414

"A String",

415

],

416

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

417

# a CIDR IP address block, the specified IP address portion must be properly

418

# truncated (i.e. all the host bits must be zero) or the input is considered

419

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

420

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

421

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

422

# the listed subnets in order for this Condition to be true. If empty, all IP

423

# addresses are allowed.

424

"A String",

425

],

426

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

427

# Condition to be true. If not specified, all devices are allowed.

428

# given access level. A `DevicePolicy` specifies requirements for requests from

429

# devices to be granted access levels, it does not do any enforcement on the

430

# device. `DevicePolicy` acts as an AND over all specified fields, and each

431

# repeated field is an OR over its elements. Any unset fields are ignored. For

432

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

433

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

434

# true for requests originating from encrypted Linux desktops and encrypted

435

# Windows desktops.

436

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

437

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

438

"A String",

439

],

440

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

445

{ # A restriction on the OS type and version of devices making requests.

446

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

447

# satisfies the constraint. Format: `"major.minor.patch"`.

448

# Examples: `"10.5.301"`, `"9.2.1"`.

449

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

450

# Verifications includes requirements that the device is enterprise-managed,

451

# conformant to domain policies, and the caller has permission to call

452

# the API targeted by the request.

453

"osType": "A String", # Required. The allowed OS type.

454

},

455

],

456

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

457

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

458

# Defaults to `false`.

459

},

460

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

461

# resource name. Referencing an `AccessLevel` which does not exist is an

462

# error. All access levels listed must be granted for the Condition

463

# to be true. Example:

464

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

465

"A String",

466

],

467

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

468

# its non-empty fields, each field must be false for the Condition overall to

469

# be satisfied. Defaults to false.

470

"members": [ # The request must be made by one of the provided user or service

471

# accounts. Groups are not supported.

472

# Syntax:

473

# `user:{emailid}`

474

# `serviceAccount:{emailid}`

475

# If not specified, a request may come from any user.

"A String",

],

},

],

},

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

482

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

483

# to represent the necessary conditions for the level to apply to a request.

484

# See CEL spec at: https://github.com/google/cel-spec

485

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

486

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

487

# are documented at https://github.com/google/cel-spec.

488

#

489

# Example (Comparison):

490

#

491

# title: "Summary size limit"

492

# description: "Determines if a summary is less than 100 chars"

493

# expression: "document.summary.size() < 100"

494

#

495

# Example (Equality):

496

#

497

# title: "Requestor is owner"

498

# description: "Determines if requestor is the document owner"

499

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

504

# description: "Determine whether the document should be publicly visible"

505

# expression: "document.type != 'private' && document.type != 'internal'"

506

#

507

# Example (Data Manipulation):

508

#

509

# title: "Notification string"

510

# description: "Create a notification string with a timestamp."

511

# expression: "'New message received at ' + string(document.create_time)"

512

#

513

# The exact variables and functions that may be referenced within an expression

514

# are determined by the service that evaluates it. See the service

515

# documentation for additional information.

516

"description": "A String", # Optional. Description of the expression. This is a longer text which

517

# describes the expression, e.g. when hovered over it in a UI.

518

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

519

# its purpose. This can be used e.g. in UIs which allow to enter the

520

# expression.

521

"location": "A String", # Optional. String indicating the location of the expression for error

522

# reporting, e.g. a file name and a position in the file.

523

"expression": "A String", # Textual representation of an expression in Common Expression Language

# syntax.

},

},

}</pre>

</div>

<code class="details" id="list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

532

<pre>List all Access Levels for an access

policy.

Args:

parent: string, Required. Resource name for the access policy to list Access Levels from.

537

538

Format:

539

`accessPolicies/{policy_id}` (required)

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

540

accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as

541

`CustomLevels`, rather than as `BasicLevels`. Defaults to returning

542

`AccessLevels` in the format they were defined.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

543

pageSize: integer, Number of Access Levels to include in

544

the list. Default 100.

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

545

pageToken: string, Next page token for the next batch of Access Level instances.

546

Defaults to the first page of results.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

547

x__xgafv: string, V1 error format.

548

Allowed values

549

1 - v1 error format

550

2 - v2 error format

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

551

552

Returns:

553

An object of the form:

554

555

{ # A response to `ListAccessLevelsRequest`.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

556

"accessLevels": [ # List of the Access Level instances.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

557

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

558

# services, along with a list of requirements necessary for the label to be

559

# applied.

560

"title": "A String", # Human readable title. Must be unique within the Policy.

561

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

562

# must begin with a letter and only include alphanumeric and '_'. Format:

563

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

564

# // of the `short_name` component is 50 characters.

565

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

566

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

567

# granted this `AccessLevel`. If AND is used, each `Condition` in

568

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

569

# is used, at least one `Condition` in `conditions` must be satisfied for the

570

# `AccessLevel` to be applied. Default behavior is AND.

571

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

572

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

573

# AND over its fields. So a Condition is true if: 1) the request IP is from one

574

# of the listed subnetworks AND 2) the originating device complies with the

575

# listed device policy AND 3) all listed access levels are granted AND 4) the

576

# request was sent at a time allowed by the DateTimeRestriction.

577

"regions": [ # The request must originate from one of the provided countries/regions.

578

# Must be valid ISO 3166-1 alpha-2 codes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

579

"A String",

580

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

581

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

582

# a CIDR IP address block, the specified IP address portion must be properly

583

# truncated (i.e. all the host bits must be zero) or the input is considered

584

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

585

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

586

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

587

# the listed subnets in order for this Condition to be true. If empty, all IP

588

# addresses are allowed.

589

"A String",

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

590

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

591

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

592

# Condition to be true. If not specified, all devices are allowed.

593

# given access level. A `DevicePolicy` specifies requirements for requests from

594

# devices to be granted access levels, it does not do any enforcement on the

595

# device. `DevicePolicy` acts as an AND over all specified fields, and each

596

# repeated field is an OR over its elements. Any unset fields are ignored. For

597

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

598

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

599

# true for requests originating from encrypted Linux desktops and encrypted

600

# Windows desktops.

601

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

602

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

603

"A String",

604

],

605

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

610

{ # A restriction on the OS type and version of devices making requests.

611

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

612

# satisfies the constraint. Format: `"major.minor.patch"`.

613

# Examples: `"10.5.301"`, `"9.2.1"`.

614

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

615

# Verifications includes requirements that the device is enterprise-managed,

616

# conformant to domain policies, and the caller has permission to call

617

# the API targeted by the request.

618

"osType": "A String", # Required. The allowed OS type.

619

},

620

],

621

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

622

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

623

# Defaults to `false`.

624

},

625

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

626

# resource name. Referencing an `AccessLevel` which does not exist is an

627

# error. All access levels listed must be granted for the Condition

628

# to be true. Example:

629

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

630

"A String",

631

],

632

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

633

# its non-empty fields, each field must be false for the Condition overall to

634

# be satisfied. Defaults to false.

635

"members": [ # The request must be made by one of the provided user or service

636

# accounts. Groups are not supported.

637

# Syntax:

638

# `user:{emailid}`

639

# `serviceAccount:{emailid}`

640

# If not specified, a request may come from any user.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

641

"A String",

642

],

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

643

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

644

],

645

},

646

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

647

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

648

# to represent the necessary conditions for the level to apply to a request.

649

# See CEL spec at: https://github.com/google/cel-spec

650

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

651

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

652

# are documented at https://github.com/google/cel-spec.

653

#

654

# Example (Comparison):

655

#

656

# title: "Summary size limit"

657

# description: "Determines if a summary is less than 100 chars"

658

# expression: "document.summary.size() < 100"

659

#

660

# Example (Equality):

661

#

662

# title: "Requestor is owner"

663

# description: "Determines if requestor is the document owner"

664

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

669

# description: "Determine whether the document should be publicly visible"

670

# expression: "document.type != 'private' && document.type != 'internal'"

671

#

672

# Example (Data Manipulation):

673

#

674

# title: "Notification string"

675

# description: "Create a notification string with a timestamp."

676

# expression: "'New message received at ' + string(document.create_time)"

677

#

678

# The exact variables and functions that may be referenced within an expression

679

# are determined by the service that evaluates it. See the service

680

# documentation for additional information.

681

"description": "A String", # Optional. Description of the expression. This is a longer text which

682

# describes the expression, e.g. when hovered over it in a UI.

683

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

684

# its purpose. This can be used e.g. in UIs which allow to enter the

685

# expression.

686

"location": "A String", # Optional. String indicating the location of the expression for error

687

# reporting, e.g. a file name and a position in the file.

688

"expression": "A String", # Textual representation of an expression in Common Expression Language

689

# syntax.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

690

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

691

},

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

692

},

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

693

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

694

"nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is

695

# empty, no further results remain.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

701

<pre>Retrieves the next page of results.

702

703

Args:

704

previous_request: The request for the previous page. (required)

705

previous_response: The response from the request for the previous page. (required)

706

707

Returns:

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

708

A request object that you can call 'execute()' on to request the next

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

709

page. Returns None if there are no more items in the collection.

</pre>

</div>

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

714

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

715

<pre>Update an Access Level. The longrunning

716

operation from this RPC will have a successful status once the changes to

717

the Access Level have propagated

718

to long-lasting storage. Access Levels containing

719

errors will result in an error response for the first error encountered.

720

721

Args:

722

name: string, Required. Resource name for the Access Level. The `short_name` component

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

723

must begin with a letter and only include alphanumeric and '_'. Format:

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

724

`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

725

// of the `short_name` component is 50 characters. (required)

726

body: object, The request body.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

727

The object takes the form of:

728

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

729

{ # An `AccessLevel` is a label that can be applied to requests to Google Cloud

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

730

# services, along with a list of requirements necessary for the label to be

731

# applied.

732

"title": "A String", # Human readable title. Must be unique within the Policy.

733

"name": "A String", # Required. Resource name for the Access Level. The `short_name` component

734

# must begin with a letter and only include alphanumeric and '_'. Format:

735

# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length

736

# // of the `short_name` component is 50 characters.

737

"basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`.

738

"combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is

739

# granted this `AccessLevel`. If AND is used, each `Condition` in

740

# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR

741

# is used, at least one `Condition` in `conditions` must be satisfied for the

742

# `AccessLevel` to be applied. Default behavior is AND.

743

"conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted.

744

{ # A condition necessary for an `AccessLevel` to be granted. The Condition is an

745

# AND over its fields. So a Condition is true if: 1) the request IP is from one

746

# of the listed subnetworks AND 2) the originating device complies with the

747

# listed device policy AND 3) all listed access levels are granted AND 4) the

748

# request was sent at a time allowed by the DateTimeRestriction.

749

"regions": [ # The request must originate from one of the provided countries/regions.

750

# Must be valid ISO 3166-1 alpha-2 codes.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

751

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

752

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

753

"ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for

754

# a CIDR IP address block, the specified IP address portion must be properly

755

# truncated (i.e. all the host bits must be zero) or the input is considered

756

# malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is

757

# not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas

758

# "2001:db8::1/32" is not. The originating IP of a request must be in one of

759

# the listed subnets in order for this Condition to be true. If empty, all IP

760

# addresses are allowed.

761

"A String",

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

762

],

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

763

"devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the

764

# Condition to be true. If not specified, all devices are allowed.

765

# given access level. A `DevicePolicy` specifies requirements for requests from

766

# devices to be granted access levels, it does not do any enforcement on the

767

# device. `DevicePolicy` acts as an AND over all specified fields, and each

768

# repeated field is an OR over its elements. Any unset fields are ignored. For

769

# example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :

770

# DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be

771

# true for requests originating from encrypted Linux desktops and encrypted

772

# Windows desktops.

773

"requireCorpOwned": True or False, # Whether the device needs to be corp owned.

774

"allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses.

775

"A String",

776

],

777

"allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management

# levels.

"A String",

],

"osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions.

782

{ # A restriction on the OS type and version of devices making requests.

783

"minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS

784

# satisfies the constraint. Format: `"major.minor.patch"`.

785

# Examples: `"10.5.301"`, `"9.2.1"`.

786

"requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS.

787

# Verifications includes requirements that the device is enterprise-managed,

788

# conformant to domain policies, and the caller has permission to call

789

# the API targeted by the request.

790

"osType": "A String", # Required. The allowed OS type.

791

},

792

],

793

"requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin.

794

"requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true.

795

# Defaults to `false`.

796

},

797

"requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by

798

# resource name. Referencing an `AccessLevel` which does not exist is an

799

# error. All access levels listed must be granted for the Condition

800

# to be true. Example:

801

# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`

802

"A String",

803

],

804

"negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over

805

# its non-empty fields, each field must be false for the Condition overall to

806

# be satisfied. Defaults to false.

807

"members": [ # The request must be made by one of the provided user or service

808

# accounts. Groups are not supported.

809

# Syntax:

810

# `user:{emailid}`

811

# `serviceAccount:{emailid}`

812

# If not specified, a request may come from any user.

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

813

"A String",

814

],

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

815

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

816

],

817

},

818

"description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior.

819

"custom": { # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language # A `CustomLevel` written in the Common Expression Language.

820

# to represent the necessary conditions for the level to apply to a request.

821

# See CEL spec at: https://github.com/google/cel-spec

822

"expr": { # Represents a textual expression in the Common Expression Language (CEL) # Required. A Cloud CEL expression evaluating to a boolean.

823

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

824

# are documented at https://github.com/google/cel-spec.

825

#

826

# Example (Comparison):

827

#

828

# title: "Summary size limit"

829

# description: "Determines if a summary is less than 100 chars"

830

# expression: "document.summary.size() < 100"

831

#

832

# Example (Equality):

833

#

834

# title: "Requestor is owner"

835

# description: "Determines if requestor is the document owner"

836

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

841

# description: "Determine whether the document should be publicly visible"

842

# expression: "document.type != 'private' && document.type != 'internal'"

843

#

844

# Example (Data Manipulation):

845

#

846

# title: "Notification string"

847

# description: "Create a notification string with a timestamp."

848

# expression: "'New message received at ' + string(document.create_time)"

849

#

850

# The exact variables and functions that may be referenced within an expression

851

# are determined by the service that evaluates it. See the service

852

# documentation for additional information.

853

"description": "A String", # Optional. Description of the expression. This is a longer text which

854

# describes the expression, e.g. when hovered over it in a UI.

855

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

856

# its purpose. This can be used e.g. in UIs which allow to enter the

857

# expression.

858

"location": "A String", # Optional. String indicating the location of the expression for error

859

# reporting, e.g. a file name and a position in the file.

860

"expression": "A String", # Textual representation of an expression in Common Expression Language

861

# syntax.

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

862

},

Bu Sun Kim

2020-07-22 17:02:09 -0700

[diff] [blame^]

863

},

864

}

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

865

Dan O'Meara

2020-05-01 07:42:23 -0700

[diff] [blame]

866

updateMask: string, Required. Mask to control which fields get updated. Must be non-empty.

Bu Sun Kim

2019-06-14 16:50:42 -0700

[diff] [blame]

867

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

874

875

{ # This resource represents a long-running operation that is the result of a

876

# network API call.

Bu Sun Kim

2020-05-20 12:08:20 -0700

[diff] [blame]

877

"metadata": { # Service-specific metadata associated with the operation. It typically

878

# contains progress information and common metadata such as create time.

879

# Some services might not provide such metadata. Any method that returns a

880

# long-running operation should document the metadata type, if any.

881

"a_key": "", # Properties of the object. Contains field @type with type URL.

882

},

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

883

"response": { # The normal response of the operation in case of success. If the original

884

# method returns no data on success, such as `Delete`, the response is

885

# `google.protobuf.Empty`. If the original method is standard

886

# `Get`/`Create`/`Update`, the response should be the resource. For other

887

# methods, the response should have the type `XxxResponse`, where `Xxx`

888

# is the original method name. For example, if the original method name

889

# is `TakeSnapshot()`, the inferred response type is

890

# `TakeSnapshotResponse`.

891

"a_key": "", # Properties of the object. Contains field @type with type URL.

892

},

Bu Sun Kim