Blame - docs/dyn/gameservices_v1.projects.locations.gameServerDeployments.html - platform/external/python/google-api-python-client

<h1><a href="gameservices_v1.html">Game Services API</a> . <a href="gameservices_v1.projects.html">projects</a> . <a href="gameservices_v1.projects.locations.html">locations</a> . <a href="gameservices_v1.projects.locations.gameServerDeployments.html">gameServerDeployments</a></h1>

76

<h2>Instance Methods</h2>

77

78

<code><a href="gameservices_v1.projects.locations.gameServerDeployments.configs.html">configs()</a></code>

79

</p>

80

<p class="firstline">Returns the configs Resource.</p>

81

82

83

<code><a href="#create">create(parent, body=None, deploymentId=None, x__xgafv=None)</a></code></p>

84

<p class="firstline">Creates a new game server deployment in a given project and location.</p>

85

86

<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>

87

<p class="firstline">Deletes a single game server deployment.</p>

88

89

<code><a href="#fetchDeploymentState">fetchDeploymentState(name, body=None, x__xgafv=None)</a></code></p>

90

<p class="firstline">Retrieves information about the current state of the game server</p>

91

92

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

93

<p class="firstline">Gets details of a single game server deployment.</p>

94

95

<code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>

96

<p class="firstline">Gets the access control policy for a resource.</p>

97

98

<code><a href="#getRollout">getRollout(name, x__xgafv=None)</a></code></p>

99

<p class="firstline">Gets details a single game server deployment rollout.</p>

100

101

<code><a href="#list">list(parent, filter=None, orderBy=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>

102

<p class="firstline">Lists game server deployments in a given project and location.</p>

103

104

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

105

<p class="firstline">Retrieves the next page of results.</p>

106

107

<code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

108

<p class="firstline">Patches a game server deployment.</p>

109

110

<code><a href="#previewRollout">previewRollout(name, body=None, updateMask=None, previewTime=None, x__xgafv=None)</a></code></p>

111

<p class="firstline">Previews the game server deployment rollout. This API does not mutate the</p>

112

113

<code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>

114

<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>

115

116

<code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p>

117

<p class="firstline">Returns permissions that a caller has on the specified resource.</p>

118

119

<code><a href="#updateRollout">updateRollout(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>

120

<p class="firstline">Patches a single game server deployment rollout.</p>

121

<h3>Method Details</h3>

122

123

<code class="details" id="create">create(parent, body=None, deploymentId=None, x__xgafv=None)</code>

124

<pre>Creates a new game server deployment in a given project and location.

125

126

Args:

127

parent: string, Required. The parent resource name. Uses the form:

128

`projects/{project}/locations/{location}`. (required)

129

body: object, The request body.

130

The object takes the form of:

131

132

{ # A game server deployment resource.

133

"description": "A String", # Human readable description of the game server delpoyment.

134

"name": "A String", # The resource name of the game server deployment. Uses the form:

135

#

136

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

137

# For example,

138

#

139

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

140

"createTime": "A String", # Output only. The creation time.

141

"updateTime": "A String", # Output only. The last-modified time.

142

"etag": "A String", # ETag of the resource.

143

"labels": { # The labels associated with this game server deployment. Each label is a

# key-value pair.

"a_key": "A String",

},

}

deploymentId: string, Required. The ID of the game server delpoyment resource to be created.

150

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

157

158

{ # This resource represents a long-running operation that is the result of a

159

# network API call.

160

"name": "A String", # The server-assigned name, which is only unique within the same service that

161

# originally returns it. If you use the default HTTP mapping, the

162

# `name` should be a resource name ending with `operations/{unique_id}`.

163

"metadata": { # Service-specific metadata associated with the operation. It typically

164

# contains progress information and common metadata such as create time.

165

# Some services might not provide such metadata. Any method that returns a

166

# long-running operation should document the metadata type, if any.

167

"a_key": "", # Properties of the object. Contains field @type with type URL.

168

},

169

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

170

# different programming environments, including REST APIs and RPC APIs. It is

171

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

172

# three pieces of data: error code, error message, and error details.

173

#

174

# You can find out more about this error model and how to work with it in the

175

# [API Design Guide](https://cloud.google.com/apis/design/errors).

176

"message": "A String", # A developer-facing error message, which should be in English. Any

177

# user-facing error message should be localized and sent in the

178

# google.rpc.Status.details field, or localized by the client.

179

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

180

"details": [ # A list of messages that carry the error details. There is a common set of

181

# message types for APIs to use.

182

{

183

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"done": True or False, # If the value is `false`, it means the operation is still in progress.

188

# If `true`, the operation is completed, and either `error` or `response` is

189

# available.

190

"response": { # The normal response of the operation in case of success. If the original

191

# method returns no data on success, such as `Delete`, the response is

192

# `google.protobuf.Empty`. If the original method is standard

193

# `Get`/`Create`/`Update`, the response should be the resource. For other

194

# methods, the response should have the type `XxxResponse`, where `Xxx`

195

# is the original method name. For example, if the original method name

196

# is `TakeSnapshot()`, the inferred response type is

197

# `TakeSnapshotResponse`.

198

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

}</pre>

</div>

<code class="details" id="delete">delete(name, x__xgafv=None)</code>

205

<pre>Deletes a single game server deployment.

206

207

Args:

208

name: string, Required. The name of the game server delpoyment to delete. Uses the form:

209

210

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`. (required)

211

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

218

219

{ # This resource represents a long-running operation that is the result of a

220

# network API call.

221

"name": "A String", # The server-assigned name, which is only unique within the same service that

222

# originally returns it. If you use the default HTTP mapping, the

223

# `name` should be a resource name ending with `operations/{unique_id}`.

224

"metadata": { # Service-specific metadata associated with the operation. It typically

225

# contains progress information and common metadata such as create time.

226

# Some services might not provide such metadata. Any method that returns a

227

# long-running operation should document the metadata type, if any.

228

"a_key": "", # Properties of the object. Contains field @type with type URL.

229

},

230

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

231

# different programming environments, including REST APIs and RPC APIs. It is

232

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

233

# three pieces of data: error code, error message, and error details.

234

#

235

# You can find out more about this error model and how to work with it in the

236

# [API Design Guide](https://cloud.google.com/apis/design/errors).

237

"message": "A String", # A developer-facing error message, which should be in English. Any

238

# user-facing error message should be localized and sent in the

239

# google.rpc.Status.details field, or localized by the client.

240

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

241

"details": [ # A list of messages that carry the error details. There is a common set of

242

# message types for APIs to use.

243

{

244

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"done": True or False, # If the value is `false`, it means the operation is still in progress.

249

# If `true`, the operation is completed, and either `error` or `response` is

250

# available.

251

"response": { # The normal response of the operation in case of success. If the original

252

# method returns no data on success, such as `Delete`, the response is

253

# `google.protobuf.Empty`. If the original method is standard

254

# `Get`/`Create`/`Update`, the response should be the resource. For other

255

# methods, the response should have the type `XxxResponse`, where `Xxx`

256

# is the original method name. For example, if the original method name

257

# is `TakeSnapshot()`, the inferred response type is

258

# `TakeSnapshotResponse`.

259

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

}</pre>

</div>

<code class="details" id="fetchDeploymentState">fetchDeploymentState(name, body=None, x__xgafv=None)</code>

266

<pre>Retrieves information about the current state of the game server

267

deployment. Gathers all the Agones fleets and Agones autoscalers,

268

including fleets running an older version of the game server deployment.

269

270

Args:

271

name: string, Required. The name of the game server delpoyment. Uses the form:

272

273

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`. (required)

274

body: object, The request body.

275

The object takes the form of:

276

277

{ # Request message for GameServerDeploymentsService.FetchDeploymentState.

278

}

279

280

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

287

288

{ # Response message for GameServerDeploymentsService.FetchDeploymentState.

289

"unavailable": [ # List of locations that could not be reached.

290

"A String",

291

],

292

"clusterState": [ # The state of the game server deployment in each game server cluster.

293

{ # The game server cluster changes made by the game server deployment.

294

"cluster": "A String", # The name of the cluster.

295

"fleetDetails": [ # The details about the Agones fleets and autoscalers created in the

296

# game server cluster.

297

{ # Details of the deployed Agones fleet.

298

"deployedFleet": { # Agones fleet specification and details. # Information about the Agones fleet.

299

"fleet": "A String", # The name of the Agones fleet.

300

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # The source spec that is used to create the Agones fleet.

301

# The GameServerConfig resource may no longer exist in the system.

302

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

303

#

304

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

305

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

306

# the Agones fleet or Agones autoscaler spec.

307

},

308

"fleetSpec": "A String", # The fleet spec retrieved from the Agones fleet.

309

"status": { # DeployedFleetStatus has details about the Agones fleets such as how many # The current status of the Agones fleet.

310

# Includes count of game servers in various states.

311

# are running, how many allocated, and so on.

312

"readyReplicas": "A String", # The number of GameServer replicas in the READY state in this fleet.

313

"reservedReplicas": "A String", # The number of GameServer replicas in the RESERVED state in this fleet.

314

# Reserved instances won't be deleted on scale down, but won't cause

315

# an autoscaler to scale up.

316

"replicas": "A String", # The total number of current GameServer replicas in this fleet.

317

"allocatedReplicas": "A String", # The number of GameServer replicas in the ALLOCATED state in this fleet.

318

},

319

},

320

"deployedAutoscaler": { # Details about the Agones autoscaler. # Information about the Agones autoscaler for that fleet.

321

"autoscaler": "A String", # The name of the Agones autoscaler.

322

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # The source spec that is used to create the autoscaler.

323

# The GameServerConfig resource may no longer exist in the system.

324

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

325

#

326

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

327

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

328

# the Agones fleet or Agones autoscaler spec.

329

},

330

"fleetAutoscalerSpec": "A String", # The autoscaler spec retrieved from Agones.

},

},

],

},

],

}</pre>

</div>

<code class="details" id="get">get(name, x__xgafv=None)</code>

341

<pre>Gets details of a single game server deployment.

342

343

Args:

344

name: string, Required. The name of the game server delpoyment to retrieve. Uses the form:

345

346

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`. (required)

347

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

354

355

{ # A game server deployment resource.

356

"description": "A String", # Human readable description of the game server delpoyment.

357

"name": "A String", # The resource name of the game server deployment. Uses the form:

358

#

359

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

360

# For example,

361

#

362

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

363

"createTime": "A String", # Output only. The creation time.

364

"updateTime": "A String", # Output only. The last-modified time.

365

"etag": "A String", # ETag of the resource.

366

"labels": { # The labels associated with this game server deployment. Each label is a

# key-value pair.

"a_key": "A String",

},

}</pre>

</div>

<code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code>

375

<pre>Gets the access control policy for a resource.

376

Returns an empty policy if the resource exists and does not have a policy

set.

Args:

resource: string, REQUIRED: The resource for which the policy is being requested.

381

See the operation documentation for the appropriate value for this field. (required)

382

options_requestedPolicyVersion: integer, Optional. The policy format version to be returned.

383

384

Valid values are 0, 1, and 3. Requests specifying an invalid value will be

385

rejected.

386

387

Requests for policies with any conditional bindings must specify version 3.

388

Policies without any conditional bindings may specify any valid value or

389

leave the field unset.

390

391

To learn which resources support conditions in their IAM policies, see the

392

[IAM

393

documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

394

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

401

402

{ # An Identity and Access Management (IAM) policy, which specifies access

403

# controls for Google Cloud resources.

404

#

405

#

406

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

407

# `members` to a single `role`. Members can be user accounts, service accounts,

408

# Google groups, and domains (such as G Suite). A `role` is a named list of

409

# permissions; each `role` can be an IAM predefined role or a user-created

410

# custom role.

411

#

412

# For some types of Google Cloud resources, a `binding` can also specify a

413

# `condition`, which is a logical expression that allows access to a resource

414

# only if the expression evaluates to `true`. A condition can add constraints

415

# based on attributes of the request, the resource, or both. To learn which

416

# resources support conditions in their IAM policies, see the

417

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

425

# "members": [

426

# "user:mike@example.com",

427

# "group:admins@example.com",

428

# "domain:google.com",

429

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

434

# "members": [

435

# "user:eve@example.com"

436

# ],

437

# "condition": {

438

# "title": "expirable access",

439

# "description": "Does not grant access after Sep 2020",

440

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

453

# - group:admins@example.com

454

# - domain:google.com

455

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

456

# role: roles/resourcemanager.organizationAdmin

457

# - members:

458

# - user:eve@example.com

459

# role: roles/resourcemanager.organizationViewer

460

# condition:

461

# title: expirable access

462

# description: Does not grant access after Sep 2020

463

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

464

# - etag: BwWWja0YfJA=

465

# - version: 3

466

#

467

# For a description of IAM and its features, see the

468

# [IAM documentation](https://cloud.google.com/iam/docs/).

469

"rules": [ # If more than one rule is specified, the rules are applied in the following

470

# manner:

471

# - All matching LOG rules are always applied.

472

# - If any DENY/DENY_WITH_LOG rule matches, permission is denied.

473

# Logging will be applied if one or more matching rule requires logging.

474

# - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is

475

# granted.

476

# Logging will be applied if one or more matching rule requires logging.

477

# - Otherwise, if no rule applies, permission is denied.

478

{ # A rule to be applied in a Policy.

479

"permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'

480

# (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,

481

# and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.

482

"A String",

483

],

484

"notIn": [ # If one or more 'not_in' clauses are specified, the rule matches

485

# if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.

486

# The format for in and not_in entries can be found at in the Local IAM

487

# documentation (see go/local-iam#features).

488

"A String",

489

],

490

"in": [ # If one or more 'in' clauses are specified, the rule matches if

491

# the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.

492

"A String",

493

],

494

"conditions": [ # Additional restrictions that must be met. All conditions must pass for the

495

# rule to match.

496

{ # A condition to be met.

497

"iam": "A String", # Trusted attributes supplied by the IAM system.

498

"svc": "A String", # Trusted attributes discharged by the service.

499

"sys": "A String", # Trusted attributes supplied by any service that owns resources and uses

500

# the IAM system for access control.

501

"values": [ # The objects of the condition.

502

"A String",

503

],

504

"op": "A String", # An operator to apply the subject with.

505

},

506

],

507

"action": "A String", # Required

508

"logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries

509

# that match the LOG action.

510

{ # Specifies what kind of log the caller must write

511

"dataAccess": { # Write a Data Access (Gin) log # Data access options.

512

"logMode": "A String",

513

},

514

"counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.

515

#

516

# Metric names should start with a '/', generally be lowercase-only,

517

# and end in "_count". Field names should not contain an initial slash.

518

# The actual exported metric names will have "/iam/policy" prepended.

519

#

520

# Field names correspond to IAM request parameters and field values are

521

# their respective values.

522

#

523

# Supported field names:

524

# - "authority", which is "[token]" if IAMContext.token is present,

525

# otherwise the value of IAMContext.authority_selector if present, and

526

# otherwise a representation of IAMContext.principal; or

527

# - "iam_principal", a representation of IAMContext.principal even if a

528

# token or authority selector is present; or

529

# - "" (empty string), resulting in a counter with no fields.

530

#

531

# Examples:

532

# counter { metric: "/debug_access_count" field: "iam_principal" }

533

# ==> increment counter /iam/policy/debug_access_count

534

# {iam_principal=[value of IAMContext.principal]}

535

"customFields": [ # Custom fields.

536

{ # Custom fields.

537

# These can be used to create a counter with arbitrary field/value

538

# pairs.

539

# See: go/rpcsp-custom-fields.

540

"name": "A String", # Name is the field name.

541

"value": "A String", # Value is the field value. It is important that in contrast to the

542

# CounterOptions.field, the value here is a constant that is not

543

# derived from the IAMContext.

544

},

545

],

546

"metric": "A String", # The metric to update.

547

"field": "A String", # The field value to attribute.

548

},

549

"cloudAudit": { # Write a Cloud Audit log # Cloud audit options.

550

"authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.

551

"permissionType": "A String", # The type of the permission that was checked.

552

},

553

"logName": "A String", # The log_name to populate in the Cloud Audit Record.

},

},

],

"description": "A String", # Human-readable description of the rule.

558

},

559

],

560

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

561

{ # Specifies the audit configuration for a service.

562

# The configuration determines which permission types are logged, and what

563

# identities, if any, are exempted from logging.

564

# An AuditConfig must have one or more AuditLogConfigs.

565

#

566

# If there are AuditConfigs for both `allServices` and a specific service,

567

# the union of the two AuditConfigs is used for that service: the log_types

568

# specified in each AuditConfig are enabled, and the exempted_members in each

569

# AuditLogConfig are exempted.

570

#

571

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

577

# "audit_log_configs": [

578

# {

579

# "log_type": "DATA_READ",

580

# "exempted_members": [

581

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

586

# },

587

# {

588

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

594

# "audit_log_configs": [

595

# {

596

# "log_type": "DATA_READ"

597

# },

598

# {

599

# "log_type": "DATA_WRITE",

600

# "exempted_members": [

601

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

610

# logging. It also exempts jose@example.com from DATA_READ logging, and

611

# aliya@example.com from DATA_WRITE logging.

612

"auditLogConfigs": [ # The configuration for logging of each type of permission.

613

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

618

# {

619

# "log_type": "DATA_READ",

620

# "exempted_members": [

621

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

631

# jose@example.com from DATA_READ logging.

632

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

633

# permission.

634

# Follows the same format of Binding.members.

635

"A String",

636

],

637

"logType": "A String", # The log type that this config enables.

638

"ignoreChildExemptions": True or False,

},

],

"exemptedMembers": [

"A String",

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

645

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

646

# `allServices` is a special value that covers all services.

647

},

648

],

649

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

650

# `condition` that determines how and when the `bindings` are applied. Each

651

# of the `bindings` must contain at least one member.

652

{ # Associates `members` with a `role`.

653

"role": "A String", # Role that is assigned to `members`.

654

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

655

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

656

# `members` can have the following values:

657

#

658

# * `allUsers`: A special identifier that represents anyone who is

659

# on the internet; with or without a Google account.

660

#

661

# * `allAuthenticatedUsers`: A special identifier that represents anyone

662

# who is authenticated with a Google account or a service account.

663

#

664

# * `user:{emailid}`: An email address that represents a specific Google

665

# account. For example, `alice@example.com` .

666

#

667

#

668

# * `serviceAccount:{emailid}`: An email address that represents a service

669

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

670

#

671

# * `group:{emailid}`: An email address that represents a Google group.

672

# For example, `admins@example.com`.

673

#

674

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

675

# identifier) representing a user that has been recently deleted. For

676

# example, `alice@example.com?uid=123456789012345678901`. If the user is

677

# recovered, this value reverts to `user:{emailid}` and the recovered user

678

# retains the role in the binding.

679

#

680

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

681

# unique identifier) representing a service account that has been recently

682

# deleted. For example,

683

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

684

# If the service account is undeleted, this value reverts to

685

# `serviceAccount:{emailid}` and the undeleted service account retains the

686

# role in the binding.

687

#

688

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

689

# identifier) representing a Google group that has been recently

690

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

691

# the group is recovered, this value reverts to `group:{emailid}` and the

692

# recovered group retains the role in the binding.

693

#

694

#

695

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

696

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

701

#

702

# If the condition evaluates to `true`, then this binding applies to the

703

# current request.

704

#

705

# If the condition evaluates to `false`, then this binding does not apply to

706

# the current request. However, a different role binding might grant the same

707

# role to one or more of the members in this binding.

708

#

709

# To learn which resources support conditions in their IAM policies, see the

710

# [IAM

711

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

712

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

713

# are documented at https://github.com/google/cel-spec.

714

#

715

# Example (Comparison):

716

#

717

# title: "Summary size limit"

718

# description: "Determines if a summary is less than 100 chars"

719

# expression: "document.summary.size() < 100"

720

#

721

# Example (Equality):

722

#

723

# title: "Requestor is owner"

724

# description: "Determines if requestor is the document owner"

725

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

730

# description: "Determine whether the document should be publicly visible"

731

# expression: "document.type != 'private' && document.type != 'internal'"

732

#

733

# Example (Data Manipulation):

734

#

735

# title: "Notification string"

736

# description: "Create a notification string with a timestamp."

737

# expression: "'New message received at ' + string(document.create_time)"

738

#

739

# The exact variables and functions that may be referenced within an expression

740

# are determined by the service that evaluates it. See the service

741

# documentation for additional information.

742

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

743

# its purpose. This can be used e.g. in UIs which allow to enter the

744

# expression.

745

"location": "A String", # Optional. String indicating the location of the expression for error

746

# reporting, e.g. a file name and a position in the file.

747

"description": "A String", # Optional. Description of the expression. This is a longer text which

748

# describes the expression, e.g. when hovered over it in a UI.

749

"expression": "A String", # Textual representation of an expression in Common Expression Language

# syntax.

},

},

],

"iamOwned": True or False,

755

"version": 42, # Specifies the format of the policy.

756

#

757

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

758

# are rejected.

759

#

760

# Any operation that affects conditional role bindings must specify version

761

# `3`. This requirement applies to the following operations:

762

#

763

# * Getting a policy that includes a conditional role binding

764

# * Adding a conditional role binding to a policy

765

# * Changing a conditional role binding in a policy

766

# * Removing any role binding, with or without a condition, from a policy

767

# that includes conditions

768

#

769

# **Important:** If you use IAM Conditions, you must include the `etag` field

770

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

771

# you to overwrite a version `3` policy with a version `1` policy, and all of

772

# the conditions in the version `3` policy are lost.

773

#

774

# If a policy does not include any conditions, operations on that policy may

775

# specify any valid version or leave the field unset.

776

#

777

# To learn which resources support conditions in their IAM policies, see the

778

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

779

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

780

# prevent simultaneous updates of a policy from overwriting each other.

781

# It is strongly suggested that systems make use of the `etag` in the

782

# read-modify-write cycle to perform policy updates in order to avoid race

783

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

784

# systems are expected to put that etag in the request to `setIamPolicy` to

785

# ensure that their change will be applied to the same version of the policy.

786

#

787

# **Important:** If you use IAM Conditions, you must include the `etag` field

788

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

789

# you to overwrite a version `3` policy with a version `1` policy, and all of

790

# the conditions in the version `3` policy are lost.

}</pre>

</div>

<code class="details" id="getRollout">getRollout(name, x__xgafv=None)</code>

796

<pre>Gets details a single game server deployment rollout.

797

798

Args:

799

name: string, Required. The name of the game server delpoyment to retrieve. Uses the form:

800

801

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`. (required)

802

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

809

810

{ # The game server deployment rollout which represents the desired rollout

811

# state.

812

"defaultGameServerConfig": "A String", # The default game server config is applied to all realms unless overridden

813

# in the rollout. For example,

814

#

815

# `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`.

816

"name": "A String", # The resource name of the game server deployment rollout. Uses the form:

817

#

818

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

819

# For example,

820

#

821

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`.

822

"updateTime": "A String", # Output only. The last-modified time.

823

"gameServerConfigOverrides": [ # Contains the game server config rollout overrides. Overrides are processed

824

# in the order they are listed. Once a match is found for a realm, the rest

825

# of the list is not processed.

826

{ # A game server config override.

827

"realmsSelector": { # The realm selector, used to match realm resources. # Selector for choosing applicable realms.

828

"realms": [ # List of realms to match.

"A String",

],

},

"configVersion": "A String", # The game server config for this override.

833

},

834

],

835

"createTime": "A String", # Output only. The creation time.

836

"etag": "A String", # ETag of the resource.

}</pre>

</div>

<code class="details" id="list">list(parent, filter=None, orderBy=None, pageToken=None, pageSize=None, x__xgafv=None)</code>

842

<pre>Lists game server deployments in a given project and location.

843

844

Args:

845

parent: string, Required. The parent resource name. Uses the form:

846

`projects/{project}/locations/{location}`. (required)

847

filter: string, Optional. The filter to apply to list results.

848

orderBy: string, Optional. Specifies the ordering of results following syntax at

849

https://cloud.google.com/apis/design/design_patterns#sorting_order.

850

pageToken: string, Optional. The next_page_token value returned from a previous List request,

851

if any.

852

pageSize: integer, Optional. The maximum number of items to return. If unspecified, the server

853

will pick an appropriate default. The server may return fewer items than

854

requested. A caller should only rely on response's

855

next_page_token to

856

determine if there are more GameServerDeployments left to be queried.

857

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

864

865

{ # Response message for GameServerDeploymentsService.ListGameServerDeployments.

866

"unreachable": [ # List of locations that could not be reached.

867

"A String",

868

],

869

"nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more

870

# results in the list.

871

"gameServerDeployments": [ # The list of game server deployments.

872

{ # A game server deployment resource.

873

"description": "A String", # Human readable description of the game server delpoyment.

874

"name": "A String", # The resource name of the game server deployment. Uses the form:

875

#

876

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

877

# For example,

878

#

879

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

880

"createTime": "A String", # Output only. The creation time.

881

"updateTime": "A String", # Output only. The last-modified time.

882

"etag": "A String", # ETag of the resource.

883

"labels": { # The labels associated with this game server deployment. Each label is a

# key-value pair.

"a_key": "A String",

},

},

],

}</pre>

</div>

<code class="details" id="list_next">list_next(previous_request, previous_response)</code>

894

<pre>Retrieves the next page of results.

895

896

Args:

897

previous_request: The request for the previous page. (required)

898

previous_response: The response from the request for the previous page. (required)

899

900

Returns:

901

A request object that you can call 'execute()' on to request the next

902

page. Returns None if there are no more items in the collection.

</pre>

</div>

<code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>

908

<pre>Patches a game server deployment.

909

910

Args:

911

name: string, The resource name of the game server deployment. Uses the form:

912

913

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

914

For example,

915

916

`projects/my-project/locations/{location}/gameServerDeployments/my-deployment`. (required)

917

body: object, The request body.

918

The object takes the form of:

919

920

{ # A game server deployment resource.

921

"description": "A String", # Human readable description of the game server delpoyment.

922

"name": "A String", # The resource name of the game server deployment. Uses the form:

923

#

924

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}`.

925

# For example,

926

#

927

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`.

928

"createTime": "A String", # Output only. The creation time.

929

"updateTime": "A String", # Output only. The last-modified time.

930

"etag": "A String", # ETag of the resource.

931

"labels": { # The labels associated with this game server deployment. Each label is a

# key-value pair.

"a_key": "A String",

},

}

updateMask: string, Required. Mask of fields to update. At least one path must be supplied in

938

this field. For the `FieldMask` definition, see

939

940

https:

941

//developers.google.com/protocol-buffers

942

// /docs/reference/google.protobuf#fieldmask

943

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

950

951

{ # This resource represents a long-running operation that is the result of a

952

# network API call.

953

"name": "A String", # The server-assigned name, which is only unique within the same service that

954

# originally returns it. If you use the default HTTP mapping, the

955

# `name` should be a resource name ending with `operations/{unique_id}`.

956

"metadata": { # Service-specific metadata associated with the operation. It typically

957

# contains progress information and common metadata such as create time.

958

# Some services might not provide such metadata. Any method that returns a

959

# long-running operation should document the metadata type, if any.

960

"a_key": "", # Properties of the object. Contains field @type with type URL.

961

},

962

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

963

# different programming environments, including REST APIs and RPC APIs. It is

964

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

965

# three pieces of data: error code, error message, and error details.

966

#

967

# You can find out more about this error model and how to work with it in the

968

# [API Design Guide](https://cloud.google.com/apis/design/errors).

969

"message": "A String", # A developer-facing error message, which should be in English. Any

970

# user-facing error message should be localized and sent in the

971

# google.rpc.Status.details field, or localized by the client.

972

"code": 42, # The status code, which should be an enum value of google.rpc.Code.

973

"details": [ # A list of messages that carry the error details. There is a common set of

974

# message types for APIs to use.

975

{

976

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

],

},

"done": True or False, # If the value is `false`, it means the operation is still in progress.

981

# If `true`, the operation is completed, and either `error` or `response` is

982

# available.

983

"response": { # The normal response of the operation in case of success. If the original

984

# method returns no data on success, such as `Delete`, the response is

985

# `google.protobuf.Empty`. If the original method is standard

986

# `Get`/`Create`/`Update`, the response should be the resource. For other

987

# methods, the response should have the type `XxxResponse`, where `Xxx`

988

# is the original method name. For example, if the original method name

989

# is `TakeSnapshot()`, the inferred response type is

990

# `TakeSnapshotResponse`.

991

"a_key": "", # Properties of the object. Contains field @type with type URL.

},

}</pre>

</div>

<code class="details" id="previewRollout">previewRollout(name, body=None, updateMask=None, previewTime=None, x__xgafv=None)</code>

998

<pre>Previews the game server deployment rollout. This API does not mutate the

rollout resource.

Args:

name: string, The resource name of the game server deployment rollout. Uses the form:

1003

1004

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1005

For example,

1006

1007

`projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`. (required)

1008

body: object, The request body.

1009

The object takes the form of:

1010

1011

{ # The game server deployment rollout which represents the desired rollout

1012

# state.

1013

"defaultGameServerConfig": "A String", # The default game server config is applied to all realms unless overridden

1014

# in the rollout. For example,

1015

#

1016

# `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`.

1017

"name": "A String", # The resource name of the game server deployment rollout. Uses the form:

1018

#

1019

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1020

# For example,

1021

#

1022

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`.

1023

"updateTime": "A String", # Output only. The last-modified time.

1024

"gameServerConfigOverrides": [ # Contains the game server config rollout overrides. Overrides are processed

1025

# in the order they are listed. Once a match is found for a realm, the rest

1026

# of the list is not processed.

1027

{ # A game server config override.

1028

"realmsSelector": { # The realm selector, used to match realm resources. # Selector for choosing applicable realms.

1029

"realms": [ # List of realms to match.

"A String",

],

},

"configVersion": "A String", # The game server config for this override.

1034

},

1035

],

1036

"createTime": "A String", # Output only. The creation time.

1037

"etag": "A String", # ETag of the resource.

1038

}

1039

1040

updateMask: string, Optional. Mask of fields to update. At least one path must be supplied in

1041

this field. For the `FieldMask` definition, see

1042

1043

https:

1044

//developers.google.com/protocol-buffers

1045

// /docs/reference/google.protobuf#fieldmask

1046

previewTime: string, Optional. The target timestamp to compute the preview. Defaults to the immediately

1047

after the proposed rollout completes.

1048

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1055

1056

{ # Response message for PreviewGameServerDeploymentRollout.

1057

# This has details about the Agones fleet and autoscaler to be actuated.

1058

"targetState": { # Encapsulates the Target state. # The target state.

1059

"details": [ # Details about Agones fleets.

1060

{ # Details about the Agones resources.

1061

"gameServerDeploymentName": "A String", # The game server deployment name. Uses the form:

1062

#

1063

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}`.

1064

"gameServerClusterName": "A String", # The game server cluster name. Uses the form:

1065

#

1066

# `projects/{project}/locations/{location}/realms/{realm}/gameServerClusters/{cluster}`.

1067

"fleetDetails": [ # Agones fleet details for game server clusters and game server deployments.

1068

{ # Details of the target Agones fleet.

1069

"autoscaler": { # Target Agones autoscaler policy reference. # Reference to target Agones fleet autoscaling policy.

1070

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # Encapsulates the source of the Agones fleet spec.

1071

# Details about the Agones autoscaler spec.

1072

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

1073

#

1074

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

1075

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

1076

# the Agones fleet or Agones autoscaler spec.

1077

},

1078

"name": "A String", # The name of the Agones autoscaler.

1079

},

1080

"fleet": { # Target Agones fleet specification. # Reference to target Agones fleet.

1081

"name": "A String", # The name of the Agones fleet.

1082

"specSource": { # Encapsulates Agones fleet spec and Agones autoscaler spec sources. # Encapsulates the source of the Agones fleet spec.

1083

# The Agones fleet spec source.

1084

"gameServerConfigName": "A String", # The game server config resource. Uses the form:

1085

#

1086

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`.

1087

"name": "A String", # The name of the Agones leet config or Agones scaling config used to derive

1088

# the Agones fleet or Agones autoscaler spec.

},

},

},

],

},

],

},

"unavailable": [ # Locations that could not be reached on this request.

1097

"A String",

1098

],

1099

"etag": "A String", # ETag of the game server deployment.

}</pre>

</div>

<code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>

1105

<pre>Sets the access control policy on the specified resource. Replaces any

1106

existing policy.

1107

1108

Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

1109

1110

Args:

1111

resource: string, REQUIRED: The resource for which the policy is being specified.

1112

See the operation documentation for the appropriate value for this field. (required)

1113

body: object, The request body.

1114

The object takes the form of:

1115

1116

{ # Request message for `SetIamPolicy` method.

1117

"policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of

1118

# the policy is limited to a few 10s of KB. An empty policy is a

1119

# valid policy but certain Cloud Platform services (such as Projects)

1120

# might reject them.

1121

# controls for Google Cloud resources.

1122

#

1123

#

1124

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1125

# `members` to a single `role`. Members can be user accounts, service accounts,

1126

# Google groups, and domains (such as G Suite). A `role` is a named list of

1127

# permissions; each `role` can be an IAM predefined role or a user-created

1128

# custom role.

1129

#

1130

# For some types of Google Cloud resources, a `binding` can also specify a

1131

# `condition`, which is a logical expression that allows access to a resource

1132

# only if the expression evaluates to `true`. A condition can add constraints

1133

# based on attributes of the request, the resource, or both. To learn which

1134

# resources support conditions in their IAM policies, see the

1135

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

1143

# "members": [

1144

# "user:mike@example.com",

1145

# "group:admins@example.com",

1146

# "domain:google.com",

1147

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

1152

# "members": [

1153

# "user:eve@example.com"

1154

# ],

1155

# "condition": {

1156

# "title": "expirable access",

1157

# "description": "Does not grant access after Sep 2020",

1158

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

1171

# - group:admins@example.com

1172

# - domain:google.com

1173

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1174

# role: roles/resourcemanager.organizationAdmin

1175

# - members:

1176

# - user:eve@example.com

1177

# role: roles/resourcemanager.organizationViewer

1178

# condition:

1179

# title: expirable access

1180

# description: Does not grant access after Sep 2020

1181

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

1182

# - etag: BwWWja0YfJA=

1183

# - version: 3

1184

#

1185

# For a description of IAM and its features, see the

1186

# [IAM documentation](https://cloud.google.com/iam/docs/).

1187

"rules": [ # If more than one rule is specified, the rules are applied in the following

1188

# manner:

1189

# - All matching LOG rules are always applied.

1190

# - If any DENY/DENY_WITH_LOG rule matches, permission is denied.

1191

# Logging will be applied if one or more matching rule requires logging.

1192

# - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is

1193

# granted.

1194

# Logging will be applied if one or more matching rule requires logging.

1195

# - Otherwise, if no rule applies, permission is denied.

1196

{ # A rule to be applied in a Policy.

1197

"permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'

1198

# (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,

1199

# and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.

1200

"A String",

1201

],

1202

"notIn": [ # If one or more 'not_in' clauses are specified, the rule matches

1203

# if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.

1204

# The format for in and not_in entries can be found at in the Local IAM

1205

# documentation (see go/local-iam#features).

1206

"A String",

1207

],

1208

"in": [ # If one or more 'in' clauses are specified, the rule matches if

1209

# the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.

1210

"A String",

1211

],

1212

"conditions": [ # Additional restrictions that must be met. All conditions must pass for the

1213

# rule to match.

1214

{ # A condition to be met.

1215

"iam": "A String", # Trusted attributes supplied by the IAM system.

1216

"svc": "A String", # Trusted attributes discharged by the service.

1217

"sys": "A String", # Trusted attributes supplied by any service that owns resources and uses

1218

# the IAM system for access control.

1219

"values": [ # The objects of the condition.

1220

"A String",

1221

],

1222

"op": "A String", # An operator to apply the subject with.

1223

},

1224

],

1225

"action": "A String", # Required

1226

"logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries

1227

# that match the LOG action.

1228

{ # Specifies what kind of log the caller must write

1229

"dataAccess": { # Write a Data Access (Gin) log # Data access options.

1230

"logMode": "A String",

1231

},

1232

"counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.

1233

#

1234

# Metric names should start with a '/', generally be lowercase-only,

1235

# and end in "_count". Field names should not contain an initial slash.

1236

# The actual exported metric names will have "/iam/policy" prepended.

1237

#

1238

# Field names correspond to IAM request parameters and field values are

1239

# their respective values.

1240

#

1241

# Supported field names:

1242

# - "authority", which is "[token]" if IAMContext.token is present,

1243

# otherwise the value of IAMContext.authority_selector if present, and

1244

# otherwise a representation of IAMContext.principal; or

1245

# - "iam_principal", a representation of IAMContext.principal even if a

1246

# token or authority selector is present; or

1247

# - "" (empty string), resulting in a counter with no fields.

1248

#

1249

# Examples:

1250

# counter { metric: "/debug_access_count" field: "iam_principal" }

1251

# ==> increment counter /iam/policy/debug_access_count

1252

# {iam_principal=[value of IAMContext.principal]}

1253

"customFields": [ # Custom fields.

1254

{ # Custom fields.

1255

# These can be used to create a counter with arbitrary field/value

1256

# pairs.

1257

# See: go/rpcsp-custom-fields.

1258

"name": "A String", # Name is the field name.

1259

"value": "A String", # Value is the field value. It is important that in contrast to the

1260

# CounterOptions.field, the value here is a constant that is not

1261

# derived from the IAMContext.

1262

},

1263

],

1264

"metric": "A String", # The metric to update.

1265

"field": "A String", # The field value to attribute.

1266

},

1267

"cloudAudit": { # Write a Cloud Audit log # Cloud audit options.

1268

"authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.

1269

"permissionType": "A String", # The type of the permission that was checked.

1270

},

1271

"logName": "A String", # The log_name to populate in the Cloud Audit Record.

},

},

],

"description": "A String", # Human-readable description of the rule.

1276

},

1277

],

1278

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1279

{ # Specifies the audit configuration for a service.

1280

# The configuration determines which permission types are logged, and what

1281

# identities, if any, are exempted from logging.

1282

# An AuditConfig must have one or more AuditLogConfigs.

1283

#

1284

# If there are AuditConfigs for both `allServices` and a specific service,

1285

# the union of the two AuditConfigs is used for that service: the log_types

1286

# specified in each AuditConfig are enabled, and the exempted_members in each

1287

# AuditLogConfig are exempted.

1288

#

1289

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

1295

# "audit_log_configs": [

1296

# {

1297

# "log_type": "DATA_READ",

1298

# "exempted_members": [

1299

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

1304

# },

1305

# {

1306

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

1312

# "audit_log_configs": [

1313

# {

1314

# "log_type": "DATA_READ"

1315

# },

1316

# {

1317

# "log_type": "DATA_WRITE",

1318

# "exempted_members": [

1319

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1328

# logging. It also exempts jose@example.com from DATA_READ logging, and

1329

# aliya@example.com from DATA_WRITE logging.

1330

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1331

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1336

# {

1337

# "log_type": "DATA_READ",

1338

# "exempted_members": [

1339

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1349

# jose@example.com from DATA_READ logging.

1350

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1351

# permission.

1352

# Follows the same format of Binding.members.

1353

"A String",

1354

],

1355

"logType": "A String", # The log type that this config enables.

1356

"ignoreChildExemptions": True or False,

},

],

"exemptedMembers": [

"A String",

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

1363

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1364

# `allServices` is a special value that covers all services.

1365

},

1366

],

1367

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

1368

# `condition` that determines how and when the `bindings` are applied. Each

1369

# of the `bindings` must contain at least one member.

1370

{ # Associates `members` with a `role`.

1371

"role": "A String", # Role that is assigned to `members`.

1372

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

1373

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1374

# `members` can have the following values:

1375

#

1376

# * `allUsers`: A special identifier that represents anyone who is

1377

# on the internet; with or without a Google account.

1378

#

1379

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1380

# who is authenticated with a Google account or a service account.

1381

#

1382

# * `user:{emailid}`: An email address that represents a specific Google

1383

# account. For example, `alice@example.com` .

1384

#

1385

#

1386

# * `serviceAccount:{emailid}`: An email address that represents a service

1387

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1388

#

1389

# * `group:{emailid}`: An email address that represents a Google group.

1390

# For example, `admins@example.com`.

1391

#

1392

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1393

# identifier) representing a user that has been recently deleted. For

1394

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1395

# recovered, this value reverts to `user:{emailid}` and the recovered user

1396

# retains the role in the binding.

1397

#

1398

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1399

# unique identifier) representing a service account that has been recently

1400

# deleted. For example,

1401

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1402

# If the service account is undeleted, this value reverts to

1403

# `serviceAccount:{emailid}` and the undeleted service account retains the

1404

# role in the binding.

1405

#

1406

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1407

# identifier) representing a Google group that has been recently

1408

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1409

# the group is recovered, this value reverts to `group:{emailid}` and the

1410

# recovered group retains the role in the binding.

1411

#

1412

#

1413

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1414

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1419

#

1420

# If the condition evaluates to `true`, then this binding applies to the

1421

# current request.

1422

#

1423

# If the condition evaluates to `false`, then this binding does not apply to

1424

# the current request. However, a different role binding might grant the same

1425

# role to one or more of the members in this binding.

1426

#

1427

# To learn which resources support conditions in their IAM policies, see the

1428

# [IAM

1429

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1430

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1431

# are documented at https://github.com/google/cel-spec.

1432

#

1433

# Example (Comparison):

1434

#

1435

# title: "Summary size limit"

1436

# description: "Determines if a summary is less than 100 chars"

1437

# expression: "document.summary.size() < 100"

1438

#

1439

# Example (Equality):

1440

#

1441

# title: "Requestor is owner"

1442

# description: "Determines if requestor is the document owner"

1443

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1448

# description: "Determine whether the document should be publicly visible"

1449

# expression: "document.type != 'private' && document.type != 'internal'"

1450

#

1451

# Example (Data Manipulation):

1452

#

1453

# title: "Notification string"

1454

# description: "Create a notification string with a timestamp."

1455

# expression: "'New message received at ' + string(document.create_time)"

1456

#

1457

# The exact variables and functions that may be referenced within an expression

1458

# are determined by the service that evaluates it. See the service

1459

# documentation for additional information.

1460

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1461

# its purpose. This can be used e.g. in UIs which allow to enter the

1462

# expression.

1463

"location": "A String", # Optional. String indicating the location of the expression for error

1464

# reporting, e.g. a file name and a position in the file.

1465

"description": "A String", # Optional. Description of the expression. This is a longer text which

1466

# describes the expression, e.g. when hovered over it in a UI.

1467

"expression": "A String", # Textual representation of an expression in Common Expression Language

# syntax.

},

},

],

"iamOwned": True or False,

1473

"version": 42, # Specifies the format of the policy.

1474

#

1475

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1476

# are rejected.

1477

#

1478

# Any operation that affects conditional role bindings must specify version

1479

# `3`. This requirement applies to the following operations:

1480

#

1481

# * Getting a policy that includes a conditional role binding

1482

# * Adding a conditional role binding to a policy

1483

# * Changing a conditional role binding in a policy

1484

# * Removing any role binding, with or without a condition, from a policy

1485

# that includes conditions

1486

#

1487

# **Important:** If you use IAM Conditions, you must include the `etag` field

1488

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1489

# you to overwrite a version `3` policy with a version `1` policy, and all of

1490

# the conditions in the version `3` policy are lost.

1491

#

1492

# If a policy does not include any conditions, operations on that policy may

1493

# specify any valid version or leave the field unset.

1494

#

1495

# To learn which resources support conditions in their IAM policies, see the

1496

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1497

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1498

# prevent simultaneous updates of a policy from overwriting each other.

1499

# It is strongly suggested that systems make use of the `etag` in the

1500

# read-modify-write cycle to perform policy updates in order to avoid race

1501

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1502

# systems are expected to put that etag in the request to `setIamPolicy` to

1503

# ensure that their change will be applied to the same version of the policy.

1504

#

1505

# **Important:** If you use IAM Conditions, you must include the `etag` field

1506

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1507

# you to overwrite a version `3` policy with a version `1` policy, and all of

1508

# the conditions in the version `3` policy are lost.

1509

},

1510

"updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only

1511

# the fields in the mask will be modified. If no mask is provided, the

1512

# following default mask is used:

1513

#

1514

# `paths: "bindings, etag"`

1515

}

1516

1517

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1524

1525

{ # An Identity and Access Management (IAM) policy, which specifies access

1526

# controls for Google Cloud resources.

1527

#

1528

#

1529

# A `Policy` is a collection of `bindings`. A `binding` binds one or more

1530

# `members` to a single `role`. Members can be user accounts, service accounts,

1531

# Google groups, and domains (such as G Suite). A `role` is a named list of

1532

# permissions; each `role` can be an IAM predefined role or a user-created

1533

# custom role.

1534

#

1535

# For some types of Google Cloud resources, a `binding` can also specify a

1536

# `condition`, which is a logical expression that allows access to a resource

1537

# only if the expression evaluates to `true`. A condition can add constraints

1538

# based on attributes of the request, the resource, or both. To learn which

1539

# resources support conditions in their IAM policies, see the

1540

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

#

# **JSON example:**

#

# {

# "bindings": [

# {

# "role": "roles/resourcemanager.organizationAdmin",

1548

# "members": [

1549

# "user:mike@example.com",

1550

# "group:admins@example.com",

1551

# "domain:google.com",

1552

# "serviceAccount:my-project-id@appspot.gserviceaccount.com"

# ]

# },

# {

# "role": "roles/resourcemanager.organizationViewer",

1557

# "members": [

1558

# "user:eve@example.com"

1559

# ],

1560

# "condition": {

1561

# "title": "expirable access",

1562

# "description": "Does not grant access after Sep 2020",

1563

# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",

# }

# }

# ],

# "etag": "BwWWja0YfJA=",

# "version": 3

# }

#

# **YAML example:**

#

# bindings:

# - members:

# - user:mike@example.com

1576

# - group:admins@example.com

1577

# - domain:google.com

1578

# - serviceAccount:my-project-id@appspot.gserviceaccount.com

1579

# role: roles/resourcemanager.organizationAdmin

1580

# - members:

1581

# - user:eve@example.com

1582

# role: roles/resourcemanager.organizationViewer

1583

# condition:

1584

# title: expirable access

1585

# description: Does not grant access after Sep 2020

1586

# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')

1587

# - etag: BwWWja0YfJA=

1588

# - version: 3

1589

#

1590

# For a description of IAM and its features, see the

1591

# [IAM documentation](https://cloud.google.com/iam/docs/).

1592

"rules": [ # If more than one rule is specified, the rules are applied in the following

1593

# manner:

1594

# - All matching LOG rules are always applied.

1595

# - If any DENY/DENY_WITH_LOG rule matches, permission is denied.

1596

# Logging will be applied if one or more matching rule requires logging.

1597

# - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is

1598

# granted.

1599

# Logging will be applied if one or more matching rule requires logging.

1600

# - Otherwise, if no rule applies, permission is denied.

1601

{ # A rule to be applied in a Policy.

1602

"permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'

1603

# (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,

1604

# and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.

1605

"A String",

1606

],

1607

"notIn": [ # If one or more 'not_in' clauses are specified, the rule matches

1608

# if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.

1609

# The format for in and not_in entries can be found at in the Local IAM

1610

# documentation (see go/local-iam#features).

1611

"A String",

1612

],

1613

"in": [ # If one or more 'in' clauses are specified, the rule matches if

1614

# the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.

1615

"A String",

1616

],

1617

"conditions": [ # Additional restrictions that must be met. All conditions must pass for the

1618

# rule to match.

1619

{ # A condition to be met.

1620

"iam": "A String", # Trusted attributes supplied by the IAM system.

1621

"svc": "A String", # Trusted attributes discharged by the service.

1622

"sys": "A String", # Trusted attributes supplied by any service that owns resources and uses

1623

# the IAM system for access control.

1624

"values": [ # The objects of the condition.

1625

"A String",

1626

],

1627

"op": "A String", # An operator to apply the subject with.

1628

},

1629

],

1630

"action": "A String", # Required

1631

"logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries

1632

# that match the LOG action.

1633

{ # Specifies what kind of log the caller must write

1634

"dataAccess": { # Write a Data Access (Gin) log # Data access options.

1635

"logMode": "A String",

1636

},

1637

"counter": { # Increment a streamz counter with the specified metric and field names. # Counter options.

1638

#

1639

# Metric names should start with a '/', generally be lowercase-only,

1640

# and end in "_count". Field names should not contain an initial slash.

1641

# The actual exported metric names will have "/iam/policy" prepended.

1642

#

1643

# Field names correspond to IAM request parameters and field values are

1644

# their respective values.

1645

#

1646

# Supported field names:

1647

# - "authority", which is "[token]" if IAMContext.token is present,

1648

# otherwise the value of IAMContext.authority_selector if present, and

1649

# otherwise a representation of IAMContext.principal; or

1650

# - "iam_principal", a representation of IAMContext.principal even if a

1651

# token or authority selector is present; or

1652

# - "" (empty string), resulting in a counter with no fields.

1653

#

1654

# Examples:

1655

# counter { metric: "/debug_access_count" field: "iam_principal" }

1656

# ==> increment counter /iam/policy/debug_access_count

1657

# {iam_principal=[value of IAMContext.principal]}

1658

"customFields": [ # Custom fields.

1659

{ # Custom fields.

1660

# These can be used to create a counter with arbitrary field/value

1661

# pairs.

1662

# See: go/rpcsp-custom-fields.

1663

"name": "A String", # Name is the field name.

1664

"value": "A String", # Value is the field value. It is important that in contrast to the

1665

# CounterOptions.field, the value here is a constant that is not

1666

# derived from the IAMContext.

1667

},

1668

],

1669

"metric": "A String", # The metric to update.

1670

"field": "A String", # The field value to attribute.

1671

},

1672

"cloudAudit": { # Write a Cloud Audit log # Cloud audit options.

1673

"authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline.

1674

"permissionType": "A String", # The type of the permission that was checked.

1675

},

1676

"logName": "A String", # The log_name to populate in the Cloud Audit Record.

},

},

],

"description": "A String", # Human-readable description of the rule.

1681

},

1682

],

1683

"auditConfigs": [ # Specifies cloud audit logging configuration for this policy.

1684

{ # Specifies the audit configuration for a service.

1685

# The configuration determines which permission types are logged, and what

1686

# identities, if any, are exempted from logging.

1687

# An AuditConfig must have one or more AuditLogConfigs.

1688

#

1689

# If there are AuditConfigs for both `allServices` and a specific service,

1690

# the union of the two AuditConfigs is used for that service: the log_types

1691

# specified in each AuditConfig are enabled, and the exempted_members in each

1692

# AuditLogConfig are exempted.

1693

#

1694

# Example Policy with multiple AuditConfigs:

#

# {

# "audit_configs": [

# {

# "service": "allServices",

1700

# "audit_log_configs": [

1701

# {

1702

# "log_type": "DATA_READ",

1703

# "exempted_members": [

1704

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

1709

# },

1710

# {

1711

# "log_type": "ADMIN_READ"

# }

# ]

# },

# {

# "service": "sampleservice.googleapis.com",

1717

# "audit_log_configs": [

1718

# {

1719

# "log_type": "DATA_READ"

1720

# },

1721

# {

1722

# "log_type": "DATA_WRITE",

1723

# "exempted_members": [

1724

# "user:aliya@example.com"

# ]

# }

# ]

# }

# ]

# }

#

# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ

1733

# logging. It also exempts jose@example.com from DATA_READ logging, and

1734

# aliya@example.com from DATA_WRITE logging.

1735

"auditLogConfigs": [ # The configuration for logging of each type of permission.

1736

{ # Provides the configuration for logging a type of permissions.

# Example:

#

# {

# "audit_log_configs": [

1741

# {

1742

# "log_type": "DATA_READ",

1743

# "exempted_members": [

1744

# "user:jose@example.com"

# ]

# },

# {

# "log_type": "DATA_WRITE"

# }

# ]

# }

#

# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting

1754

# jose@example.com from DATA_READ logging.

1755

"exemptedMembers": [ # Specifies the identities that do not cause logging for this type of

1756

# permission.

1757

# Follows the same format of Binding.members.

1758

"A String",

1759

],

1760

"logType": "A String", # The log type that this config enables.

1761

"ignoreChildExemptions": True or False,

},

],

"exemptedMembers": [

"A String",

],

"service": "A String", # Specifies a service that will be enabled for audit logging.

1768

# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.

1769

# `allServices` is a special value that covers all services.

1770

},

1771

],

1772

"bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a

1773

# `condition` that determines how and when the `bindings` are applied. Each

1774

# of the `bindings` must contain at least one member.

1775

{ # Associates `members` with a `role`.

1776

"role": "A String", # Role that is assigned to `members`.

1777

# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

1778

"members": [ # Specifies the identities requesting access for a Cloud Platform resource.

1779

# `members` can have the following values:

1780

#

1781

# * `allUsers`: A special identifier that represents anyone who is

1782

# on the internet; with or without a Google account.

1783

#

1784

# * `allAuthenticatedUsers`: A special identifier that represents anyone

1785

# who is authenticated with a Google account or a service account.

1786

#

1787

# * `user:{emailid}`: An email address that represents a specific Google

1788

# account. For example, `alice@example.com` .

1789

#

1790

#

1791

# * `serviceAccount:{emailid}`: An email address that represents a service

1792

# account. For example, `my-other-app@appspot.gserviceaccount.com`.

1793

#

1794

# * `group:{emailid}`: An email address that represents a Google group.

1795

# For example, `admins@example.com`.

1796

#

1797

# * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique

1798

# identifier) representing a user that has been recently deleted. For

1799

# example, `alice@example.com?uid=123456789012345678901`. If the user is

1800

# recovered, this value reverts to `user:{emailid}` and the recovered user

1801

# retains the role in the binding.

1802

#

1803

# * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus

1804

# unique identifier) representing a service account that has been recently

1805

# deleted. For example,

1806

# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.

1807

# If the service account is undeleted, this value reverts to

1808

# `serviceAccount:{emailid}` and the undeleted service account retains the

1809

# role in the binding.

1810

#

1811

# * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique

1812

# identifier) representing a Google group that has been recently

1813

# deleted. For example, `admins@example.com?uid=123456789012345678901`. If

1814

# the group is recovered, this value reverts to `group:{emailid}` and the

1815

# recovered group retains the role in the binding.

1816

#

1817

#

1818

# * `domain:{domain}`: The G Suite domain (primary) that represents all the

1819

# users of that domain. For example, `google.com` or `example.com`.

#

"A String",

],

"condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.

1824

#

1825

# If the condition evaluates to `true`, then this binding applies to the

1826

# current request.

1827

#

1828

# If the condition evaluates to `false`, then this binding does not apply to

1829

# the current request. However, a different role binding might grant the same

1830

# role to one or more of the members in this binding.

1831

#

1832

# To learn which resources support conditions in their IAM policies, see the

1833

# [IAM

1834

# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1835

# syntax. CEL is a C-like expression language. The syntax and semantics of CEL

1836

# are documented at https://github.com/google/cel-spec.

1837

#

1838

# Example (Comparison):

1839

#

1840

# title: "Summary size limit"

1841

# description: "Determines if a summary is less than 100 chars"

1842

# expression: "document.summary.size() < 100"

1843

#

1844

# Example (Equality):

1845

#

1846

# title: "Requestor is owner"

1847

# description: "Determines if requestor is the document owner"

1848

# expression: "document.owner == request.auth.claims.email"

#

# Example (Logic):

#

# title: "Public documents"

1853

# description: "Determine whether the document should be publicly visible"

1854

# expression: "document.type != 'private' && document.type != 'internal'"

1855

#

1856

# Example (Data Manipulation):

1857

#

1858

# title: "Notification string"

1859

# description: "Create a notification string with a timestamp."

1860

# expression: "'New message received at ' + string(document.create_time)"

1861

#

1862

# The exact variables and functions that may be referenced within an expression

1863

# are determined by the service that evaluates it. See the service

1864

# documentation for additional information.

1865

"title": "A String", # Optional. Title for the expression, i.e. a short string describing

1866

# its purpose. This can be used e.g. in UIs which allow to enter the

1867

# expression.

1868

"location": "A String", # Optional. String indicating the location of the expression for error

1869

# reporting, e.g. a file name and a position in the file.

1870

"description": "A String", # Optional. Description of the expression. This is a longer text which

1871

# describes the expression, e.g. when hovered over it in a UI.

1872

"expression": "A String", # Textual representation of an expression in Common Expression Language

# syntax.

},

},

],

"iamOwned": True or False,

1878

"version": 42, # Specifies the format of the policy.

1879

#

1880

# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value

1881

# are rejected.

1882

#

1883

# Any operation that affects conditional role bindings must specify version

1884

# `3`. This requirement applies to the following operations:

1885

#

1886

# * Getting a policy that includes a conditional role binding

1887

# * Adding a conditional role binding to a policy

1888

# * Changing a conditional role binding in a policy

1889

# * Removing any role binding, with or without a condition, from a policy

1890

# that includes conditions

1891

#

1892

# **Important:** If you use IAM Conditions, you must include the `etag` field

1893

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1894

# you to overwrite a version `3` policy with a version `1` policy, and all of

1895

# the conditions in the version `3` policy are lost.

1896

#

1897

# If a policy does not include any conditions, operations on that policy may

1898

# specify any valid version or leave the field unset.

1899

#

1900

# To learn which resources support conditions in their IAM policies, see the

1901

# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

1902

"etag": "A String", # `etag` is used for optimistic concurrency control as a way to help

1903

# prevent simultaneous updates of a policy from overwriting each other.

1904

# It is strongly suggested that systems make use of the `etag` in the

1905

# read-modify-write cycle to perform policy updates in order to avoid race

1906

# conditions: An `etag` is returned in the response to `getIamPolicy`, and

1907

# systems are expected to put that etag in the request to `setIamPolicy` to

1908

# ensure that their change will be applied to the same version of the policy.

1909

#

1910

# **Important:** If you use IAM Conditions, you must include the `etag` field

1911

# whenever you call `setIamPolicy`. If you omit this field, then IAM allows

1912

# you to overwrite a version `3` policy with a version `1` policy, and all of

1913

# the conditions in the version `3` policy are lost.

}</pre>

</div>

<code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>

1919

<pre>Returns permissions that a caller has on the specified resource.

1920

If the resource does not exist, this will return an empty set of

1921

permissions, not a `NOT_FOUND` error.

1922

1923

Note: This operation is designed to be used for building permission-aware

1924

UIs and command-line tools, not for authorization checking. This operation

1925

may "fail open" without warning.

1926

1927

Args:

1928

resource: string, REQUIRED: The resource for which the policy detail is being requested.

1929

See the operation documentation for the appropriate value for this field. (required)

1930

body: object, The request body.

1931

The object takes the form of:

1932

1933

{ # Request message for `TestIamPermissions` method.

1934

"permissions": [ # The set of permissions to check for the `resource`. Permissions with

1935

# wildcards (such as '*' or 'storage.*') are not allowed. For more

1936

# information see

1937

# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).

"A String",

],

}

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

1949

1950

{ # Response message for `TestIamPermissions` method.

1951

"permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is

# allowed.

"A String",

],

}</pre>

</div>

<code class="details" id="updateRollout">updateRollout(name, body=None, updateMask=None, x__xgafv=None)</code>

1960

<pre>Patches a single game server deployment rollout.

1961

The method will not return an error if the update does not affect any

1962

existing realms. For example - if the default_game_server_config is changed

1963

but all existing realms use the override, that is valid. Similarly, if a

1964

non existing realm is explicitly called out in game_server_config_overrides

1965

field, that will also not result in an error.

1966

1967

Args:

1968

name: string, The resource name of the game server deployment rollout. Uses the form:

1969

1970

`projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1971

For example,

1972

1973

`projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`. (required)

1974

body: object, The request body.

1975

The object takes the form of:

1976

1977

{ # The game server deployment rollout which represents the desired rollout

1978

# state.

1979

"defaultGameServerConfig": "A String", # The default game server config is applied to all realms unless overridden

1980

# in the rollout. For example,

1981

#

1982

# `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`.

1983

"name": "A String", # The resource name of the game server deployment rollout. Uses the form:

1984

#

1985

# `projects/{project}/locations/{location}/gameServerDeployments/{deployment}/rollout`.

1986

# For example,

1987

#

1988

# `projects/my-project/locations/{location}/gameServerDeployments/my-deployment/rollout`.

1989

"updateTime": "A String", # Output only. The last-modified time.

1990

"gameServerConfigOverrides": [ # Contains the game server config rollout overrides. Overrides are processed

1991

# in the order they are listed. Once a match is found for a realm, the rest

1992

# of the list is not processed.

1993

{ # A game server config override.

1994

"realmsSelector": { # The realm selector, used to match realm resources. # Selector for choosing applicable realms.

1995

"realms": [ # List of realms to match.

"A String",

],

},

"configVersion": "A String", # The game server config for this override.

2000

},

2001

],

2002

"createTime": "A String", # Output only. The creation time.

2003

"etag": "A String", # ETag of the resource.

2004

}

2005

2006

updateMask: string, Required. Mask of fields to update. At least one path must be supplied in

2007

this field. For the `FieldMask` definition, see

2008

2009

https:

2010

//developers.google.com/protocol-buffers

2011

// /docs/reference/google.protobuf#fieldmask

2012

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

2019

2020

{ # This resource represents a long-running operation that is the result of a

2021

# network API call.

2022

"name": "A String", # The server-assigned name, which is only unique within the same service that

2023

# originally returns it. If you use the default HTTP mapping, the

2024

# `name` should be a resource name ending with `operations/{unique_id}`.

2025

"metadata": { # Service-specific metadata associated with the operation. It typically

2026

# contains progress information and common metadata such as create time.

2027

# Some services might not provide such metadata. Any method that returns a

2028

# long-running operation should document the metadata type, if any.

2029

"a_key": "", # Properties of the object. Contains field @type with type URL.

2030

},

2031

"error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.

2032

# different programming environments, including REST APIs and RPC APIs. It is

2033

# used by [gRPC](https://github.com/grpc). Each `Status` message contains

2034

# three pieces of data: error code, error message, and error details.

2035

#

2036

# You can find out more about this error model and how to work with it in the

2037

# [API Design Guide](https://cloud.google.com/apis/design/errors).