Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 3bf2781e29cb828409f3a8a21939323286524569 / . / docs / dyn / iap_v1.v1.html
blob: 2c7f0409e2e7a2076fb144c46de87ac304c0d7d2 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700[diff] [blame]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="iap_v1.html">Cloud Identity-Aware Proxy API</a> . <a href="iap_v1.v1.html">v1</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
79<p class="firstline">Gets the access control policy for an Identity-Aware Proxy protected</p>
80<p class="toc_element">
81 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
82<p class="firstline">Sets the access control policy for an Identity-Aware Proxy protected</p>
83<p class="toc_element">
84 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
85<p class="firstline">Returns permissions that a caller has on the Identity-Aware Proxy protected</p>
86<h3>Method Details</h3>
87<div class="method">
88 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
89 <pre>Gets the access control policy for an Identity-Aware Proxy protected
90resource.
91More information about managing access via IAP can be found at:
92https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
93
94Args:
95 resource: string, REQUIRED: The resource for which the policy is being requested.
96See the operation documentation for the appropriate value for this field. (required)
97 body: object, The request body.
98 The object takes the form of:
99
100{ # Request message for `GetIamPolicy` method.
101 }
102
103 x__xgafv: string, V1 error format.
104 Allowed values
105 1 - v1 error format
106 2 - v2 error format
107
108Returns:
109 An object of the form:
110
111 { # Defines an Identity and Access Management (IAM) policy. It is used to
112 # specify access control policies for Cloud Platform resources.
113 #
114 #
115 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
116 # `members` to a `role`, where the members can be user accounts, Google groups,
117 # Google domains, and service accounts. A `role` is a named list of permissions
118 # defined by IAM.
119 #
120 # **JSON Example**
121 #
122 # {
123 # "bindings": [
124 # {
125 # "role": "roles/owner",
126 # "members": [
127 # "user:mike@example.com",
128 # "group:admins@example.com",
129 # "domain:google.com",
130 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
131 # ]
132 # },
133 # {
134 # "role": "roles/viewer",
135 # "members": ["user:sean@example.com"]
136 # }
137 # ]
138 # }
139 #
140 # **YAML Example**
141 #
142 # bindings:
143 # - members:
144 # - user:mike@example.com
145 # - group:admins@example.com
146 # - domain:google.com
147 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
148 # role: roles/owner
149 # - members:
150 # - user:sean@example.com
151 # role: roles/viewer
152 #
153 #
154 # For a description of IAM and its features, see the
155 # [IAM developer's guide](https://cloud.google.com/iam/docs).
156 "bindings": [ # Associates a list of `members` to a `role`.
157 # `bindings` with no members will result in an error.
158 { # Associates `members` with a `role`.
159 "role": "A String", # Role that is assigned to `members`.
160 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
161 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
162 # NOTE: An unsatisfied condition will not allow user access via current
163 # binding. Different bindings, including their conditions, are examined
164 # independently.
165 #
166 # title: "User account presence"
167 # description: "Determines whether the request has a user account"
168 # expression: "size(request.user) > 0"
169 "location": "A String", # An optional string indicating the location of the expression for error
170 # reporting, e.g. a file name and a position in the file.
171 "expression": "A String", # Textual representation of an expression in
172 # Common Expression Language syntax.
173 #
174 # The application context of the containing message determines which
175 # well-known feature set of CEL is supported.
176 "description": "A String", # An optional description of the expression. This is a longer text which
177 # describes the expression, e.g. when hovered over it in a UI.
178 "title": "A String", # An optional title for the expression, i.e. a short string describing
179 # its purpose. This can be used e.g. in UIs which allow to enter the
180 # expression.
181 },
182 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
183 # `members` can have the following values:
184 #
185 # * `allUsers`: A special identifier that represents anyone who is
186 # on the internet; with or without a Google account.
187 #
188 # * `allAuthenticatedUsers`: A special identifier that represents anyone
189 # who is authenticated with a Google account or a service account.
190 #
191 # * `user:{emailid}`: An email address that represents a specific Google
192 # account. For example, `alice@gmail.com` .
193 #
194 #
195 # * `serviceAccount:{emailid}`: An email address that represents a service
196 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
197 #
198 # * `group:{emailid}`: An email address that represents a Google group.
199 # For example, `admins@example.com`.
200 #
201 #
202 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
203 # users of that domain. For example, `google.com` or `example.com`.
204 #
205 "A String",
206 ],
207 },
208 ],
209 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
210 # prevent simultaneous updates of a policy from overwriting each other.
211 # It is strongly suggested that systems make use of the `etag` in the
212 # read-modify-write cycle to perform policy updates in order to avoid race
213 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
214 # systems are expected to put that etag in the request to `setIamPolicy` to
215 # ensure that their change will be applied to the same version of the policy.
216 #
217 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
218 # policy is overwritten blindly.
219 "version": 42, # Deprecated.
220 }</pre>
221</div>
222
223<div class="method">
224 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
225 <pre>Sets the access control policy for an Identity-Aware Proxy protected
226resource. Replaces any existing policy.
227More information about managing access via IAP can be found at:
228https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
229
230Args:
231 resource: string, REQUIRED: The resource for which the policy is being specified.
232See the operation documentation for the appropriate value for this field. (required)
233 body: object, The request body. (required)
234 The object takes the form of:
235
236{ # Request message for `SetIamPolicy` method.
237 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
238 # the policy is limited to a few 10s of KB. An empty policy is a
239 # valid policy but certain Cloud Platform services (such as Projects)
240 # might reject them.
241 # specify access control policies for Cloud Platform resources.
242 #
243 #
244 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
245 # `members` to a `role`, where the members can be user accounts, Google groups,
246 # Google domains, and service accounts. A `role` is a named list of permissions
247 # defined by IAM.
248 #
249 # **JSON Example**
250 #
251 # {
252 # "bindings": [
253 # {
254 # "role": "roles/owner",
255 # "members": [
256 # "user:mike@example.com",
257 # "group:admins@example.com",
258 # "domain:google.com",
259 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
260 # ]
261 # },
262 # {
263 # "role": "roles/viewer",
264 # "members": ["user:sean@example.com"]
265 # }
266 # ]
267 # }
268 #
269 # **YAML Example**
270 #
271 # bindings:
272 # - members:
273 # - user:mike@example.com
274 # - group:admins@example.com
275 # - domain:google.com
276 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
277 # role: roles/owner
278 # - members:
279 # - user:sean@example.com
280 # role: roles/viewer
281 #
282 #
283 # For a description of IAM and its features, see the
284 # [IAM developer's guide](https://cloud.google.com/iam/docs).
285 "bindings": [ # Associates a list of `members` to a `role`.
286 # `bindings` with no members will result in an error.
287 { # Associates `members` with a `role`.
288 "role": "A String", # Role that is assigned to `members`.
289 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
290 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
291 # NOTE: An unsatisfied condition will not allow user access via current
292 # binding. Different bindings, including their conditions, are examined
293 # independently.
294 #
295 # title: "User account presence"
296 # description: "Determines whether the request has a user account"
297 # expression: "size(request.user) > 0"
298 "location": "A String", # An optional string indicating the location of the expression for error
299 # reporting, e.g. a file name and a position in the file.
300 "expression": "A String", # Textual representation of an expression in
301 # Common Expression Language syntax.
302 #
303 # The application context of the containing message determines which
304 # well-known feature set of CEL is supported.
305 "description": "A String", # An optional description of the expression. This is a longer text which
306 # describes the expression, e.g. when hovered over it in a UI.
307 "title": "A String", # An optional title for the expression, i.e. a short string describing
308 # its purpose. This can be used e.g. in UIs which allow to enter the
309 # expression.
310 },
311 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
312 # `members` can have the following values:
313 #
314 # * `allUsers`: A special identifier that represents anyone who is
315 # on the internet; with or without a Google account.
316 #
317 # * `allAuthenticatedUsers`: A special identifier that represents anyone
318 # who is authenticated with a Google account or a service account.
319 #
320 # * `user:{emailid}`: An email address that represents a specific Google
321 # account. For example, `alice@gmail.com` .
322 #
323 #
324 # * `serviceAccount:{emailid}`: An email address that represents a service
325 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
326 #
327 # * `group:{emailid}`: An email address that represents a Google group.
328 # For example, `admins@example.com`.
329 #
330 #
331 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
332 # users of that domain. For example, `google.com` or `example.com`.
333 #
334 "A String",
335 ],
336 },
337 ],
338 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
339 # prevent simultaneous updates of a policy from overwriting each other.
340 # It is strongly suggested that systems make use of the `etag` in the
341 # read-modify-write cycle to perform policy updates in order to avoid race
342 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
343 # systems are expected to put that etag in the request to `setIamPolicy` to
344 # ensure that their change will be applied to the same version of the policy.
345 #
346 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
347 # policy is overwritten blindly.
348 "version": 42, # Deprecated.
349 },
350 }
351
352 x__xgafv: string, V1 error format.
353 Allowed values
354 1 - v1 error format
355 2 - v2 error format
356
357Returns:
358 An object of the form:
359
360 { # Defines an Identity and Access Management (IAM) policy. It is used to
361 # specify access control policies for Cloud Platform resources.
362 #
363 #
364 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
365 # `members` to a `role`, where the members can be user accounts, Google groups,
366 # Google domains, and service accounts. A `role` is a named list of permissions
367 # defined by IAM.
368 #
369 # **JSON Example**
370 #
371 # {
372 # "bindings": [
373 # {
374 # "role": "roles/owner",
375 # "members": [
376 # "user:mike@example.com",
377 # "group:admins@example.com",
378 # "domain:google.com",
379 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
380 # ]
381 # },
382 # {
383 # "role": "roles/viewer",
384 # "members": ["user:sean@example.com"]
385 # }
386 # ]
387 # }
388 #
389 # **YAML Example**
390 #
391 # bindings:
392 # - members:
393 # - user:mike@example.com
394 # - group:admins@example.com
395 # - domain:google.com
396 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
397 # role: roles/owner
398 # - members:
399 # - user:sean@example.com
400 # role: roles/viewer
401 #
402 #
403 # For a description of IAM and its features, see the
404 # [IAM developer's guide](https://cloud.google.com/iam/docs).
405 "bindings": [ # Associates a list of `members` to a `role`.
406 # `bindings` with no members will result in an error.
407 { # Associates `members` with a `role`.
408 "role": "A String", # Role that is assigned to `members`.
409 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
410 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
411 # NOTE: An unsatisfied condition will not allow user access via current
412 # binding. Different bindings, including their conditions, are examined
413 # independently.
414 #
415 # title: "User account presence"
416 # description: "Determines whether the request has a user account"
417 # expression: "size(request.user) > 0"
418 "location": "A String", # An optional string indicating the location of the expression for error
419 # reporting, e.g. a file name and a position in the file.
420 "expression": "A String", # Textual representation of an expression in
421 # Common Expression Language syntax.
422 #
423 # The application context of the containing message determines which
424 # well-known feature set of CEL is supported.
425 "description": "A String", # An optional description of the expression. This is a longer text which
426 # describes the expression, e.g. when hovered over it in a UI.
427 "title": "A String", # An optional title for the expression, i.e. a short string describing
428 # its purpose. This can be used e.g. in UIs which allow to enter the
429 # expression.
430 },
431 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
432 # `members` can have the following values:
433 #
434 # * `allUsers`: A special identifier that represents anyone who is
435 # on the internet; with or without a Google account.
436 #
437 # * `allAuthenticatedUsers`: A special identifier that represents anyone
438 # who is authenticated with a Google account or a service account.
439 #
440 # * `user:{emailid}`: An email address that represents a specific Google
441 # account. For example, `alice@gmail.com` .
442 #
443 #
444 # * `serviceAccount:{emailid}`: An email address that represents a service
445 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
446 #
447 # * `group:{emailid}`: An email address that represents a Google group.
448 # For example, `admins@example.com`.
449 #
450 #
451 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
452 # users of that domain. For example, `google.com` or `example.com`.
453 #
454 "A String",
455 ],
456 },
457 ],
458 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
459 # prevent simultaneous updates of a policy from overwriting each other.
460 # It is strongly suggested that systems make use of the `etag` in the
461 # read-modify-write cycle to perform policy updates in order to avoid race
462 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
463 # systems are expected to put that etag in the request to `setIamPolicy` to
464 # ensure that their change will be applied to the same version of the policy.
465 #
466 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
467 # policy is overwritten blindly.
468 "version": 42, # Deprecated.
469 }</pre>
470</div>
471
472<div class="method">
473 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
474 <pre>Returns permissions that a caller has on the Identity-Aware Proxy protected
475resource.
476More information about managing access via IAP can be found at:
477https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
478
479Args:
480 resource: string, REQUIRED: The resource for which the policy detail is being requested.
481See the operation documentation for the appropriate value for this field. (required)
482 body: object, The request body. (required)
483 The object takes the form of:
484
485{ # Request message for `TestIamPermissions` method.
486 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
487 # wildcards (such as '*' or 'storage.*') are not allowed. For more
488 # information see
489 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
490 "A String",
491 ],
492 }
493
494 x__xgafv: string, V1 error format.
495 Allowed values
496 1 - v1 error format
497 2 - v2 error format
498
499Returns:
500 An object of the form:
501
502 { # Response message for `TestIamPermissions` method.
503 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
504 # allowed.
505 "A String",
506 ],
507 }</pre>
508</div>
509
510</body></html>