Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 3bf2781e29cb828409f3a8a21939323286524569 / . / docs / dyn / iap_v1beta1.v1beta1.html
blob: b6150ddb34df1cd010fef7df932933284722a1d4 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700[diff] [blame]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="iap_v1beta1.html">Cloud Identity-Aware Proxy API</a> . <a href="iap_v1beta1.v1beta1.html">v1beta1</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
79<p class="firstline">Gets the access control policy for an Identity-Aware Proxy protected</p>
80<p class="toc_element">
81 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
82<p class="firstline">Sets the access control policy for an Identity-Aware Proxy protected</p>
83<p class="toc_element">
84 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
85<p class="firstline">Returns permissions that a caller has on the Identity-Aware Proxy protected</p>
86<h3>Method Details</h3>
87<div class="method">
88 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
89 <pre>Gets the access control policy for an Identity-Aware Proxy protected
90resource.
91More information about managing access via IAP can be found at:
92https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
93
94Args:
95 resource: string, REQUIRED: The resource for which the policy is being requested.
96See the operation documentation for the appropriate value for this field. (required)
97 body: object, The request body.
98 The object takes the form of:
99
100{ # Request message for `GetIamPolicy` method.
101 }
102
103 x__xgafv: string, V1 error format.
104 Allowed values
105 1 - v1 error format
106 2 - v2 error format
107
108Returns:
109 An object of the form:
110
111 { # Defines an Identity and Access Management (IAM) policy. It is used to
112 # specify access control policies for Cloud Platform resources.
113 #
114 #
115 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
116 # `members` to a `role`, where the members can be user accounts, Google groups,
117 # Google domains, and service accounts. A `role` is a named list of permissions
118 # defined by IAM.
119 #
120 # **JSON Example**
121 #
122 # {
123 # "bindings": [
124 # {
125 # "role": "roles/owner",
126 # "members": [
127 # "user:mike@example.com",
128 # "group:admins@example.com",
129 # "domain:google.com",
130 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
131 # ]
132 # },
133 # {
134 # "role": "roles/viewer",
135 # "members": ["user:sean@example.com"]
136 # }
137 # ]
138 # }
139 #
140 # **YAML Example**
141 #
142 # bindings:
143 # - members:
144 # - user:mike@example.com
145 # - group:admins@example.com
146 # - domain:google.com
147 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
148 # role: roles/owner
149 # - members:
150 # - user:sean@example.com
151 # role: roles/viewer
152 #
153 #
154 # For a description of IAM and its features, see the
155 # [IAM developer's guide](https://cloud.google.com/iam/docs).
156 "bindings": [ # Associates a list of `members` to a `role`.
157 # `bindings` with no members will result in an error.
158 { # Associates `members` with a `role`.
159 "role": "A String", # Role that is assigned to `members`.
160 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
161 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
162 # `members` can have the following values:
163 #
164 # * `allUsers`: A special identifier that represents anyone who is
165 # on the internet; with or without a Google account.
166 #
167 # * `allAuthenticatedUsers`: A special identifier that represents anyone
168 # who is authenticated with a Google account or a service account.
169 #
170 # * `user:{emailid}`: An email address that represents a specific Google
171 # account. For example, `alice@gmail.com` .
172 #
173 #
174 # * `serviceAccount:{emailid}`: An email address that represents a service
175 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
176 #
177 # * `group:{emailid}`: An email address that represents a Google group.
178 # For example, `admins@example.com`.
179 #
180 #
181 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
182 # users of that domain. For example, `google.com` or `example.com`.
183 #
184 "A String",
185 ],
186 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
187 # NOTE: An unsatisfied condition will not allow user access via current
188 # binding. Different bindings, including their conditions, are examined
189 # independently.
190 #
191 # title: "User account presence"
192 # description: "Determines whether the request has a user account"
193 # expression: "size(request.user) > 0"
194 "description": "A String", # An optional description of the expression. This is a longer text which
195 # describes the expression, e.g. when hovered over it in a UI.
196 "expression": "A String", # Textual representation of an expression in
197 # Common Expression Language syntax.
198 #
199 # The application context of the containing message determines which
200 # well-known feature set of CEL is supported.
201 "location": "A String", # An optional string indicating the location of the expression for error
202 # reporting, e.g. a file name and a position in the file.
203 "title": "A String", # An optional title for the expression, i.e. a short string describing
204 # its purpose. This can be used e.g. in UIs which allow to enter the
205 # expression.
206 },
207 },
208 ],
209 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
210 # prevent simultaneous updates of a policy from overwriting each other.
211 # It is strongly suggested that systems make use of the `etag` in the
212 # read-modify-write cycle to perform policy updates in order to avoid race
213 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
214 # systems are expected to put that etag in the request to `setIamPolicy` to
215 # ensure that their change will be applied to the same version of the policy.
216 #
217 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
218 # policy is overwritten blindly.
219 "version": 42, # Deprecated.
220 }</pre>
221</div>
222
223<div class="method">
224 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
225 <pre>Sets the access control policy for an Identity-Aware Proxy protected
226resource. Replaces any existing policy.
227More information about managing access via IAP can be found at:
228https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
229
230Args:
231 resource: string, REQUIRED: The resource for which the policy is being specified.
232See the operation documentation for the appropriate value for this field. (required)
233 body: object, The request body. (required)
234 The object takes the form of:
235
236{ # Request message for `SetIamPolicy` method.
237 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
238 # the policy is limited to a few 10s of KB. An empty policy is a
239 # valid policy but certain Cloud Platform services (such as Projects)
240 # might reject them.
241 # specify access control policies for Cloud Platform resources.
242 #
243 #
244 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
245 # `members` to a `role`, where the members can be user accounts, Google groups,
246 # Google domains, and service accounts. A `role` is a named list of permissions
247 # defined by IAM.
248 #
249 # **JSON Example**
250 #
251 # {
252 # "bindings": [
253 # {
254 # "role": "roles/owner",
255 # "members": [
256 # "user:mike@example.com",
257 # "group:admins@example.com",
258 # "domain:google.com",
259 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
260 # ]
261 # },
262 # {
263 # "role": "roles/viewer",
264 # "members": ["user:sean@example.com"]
265 # }
266 # ]
267 # }
268 #
269 # **YAML Example**
270 #
271 # bindings:
272 # - members:
273 # - user:mike@example.com
274 # - group:admins@example.com
275 # - domain:google.com
276 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
277 # role: roles/owner
278 # - members:
279 # - user:sean@example.com
280 # role: roles/viewer
281 #
282 #
283 # For a description of IAM and its features, see the
284 # [IAM developer's guide](https://cloud.google.com/iam/docs).
285 "bindings": [ # Associates a list of `members` to a `role`.
286 # `bindings` with no members will result in an error.
287 { # Associates `members` with a `role`.
288 "role": "A String", # Role that is assigned to `members`.
289 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
290 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
291 # `members` can have the following values:
292 #
293 # * `allUsers`: A special identifier that represents anyone who is
294 # on the internet; with or without a Google account.
295 #
296 # * `allAuthenticatedUsers`: A special identifier that represents anyone
297 # who is authenticated with a Google account or a service account.
298 #
299 # * `user:{emailid}`: An email address that represents a specific Google
300 # account. For example, `alice@gmail.com` .
301 #
302 #
303 # * `serviceAccount:{emailid}`: An email address that represents a service
304 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
305 #
306 # * `group:{emailid}`: An email address that represents a Google group.
307 # For example, `admins@example.com`.
308 #
309 #
310 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
311 # users of that domain. For example, `google.com` or `example.com`.
312 #
313 "A String",
314 ],
315 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
316 # NOTE: An unsatisfied condition will not allow user access via current
317 # binding. Different bindings, including their conditions, are examined
318 # independently.
319 #
320 # title: "User account presence"
321 # description: "Determines whether the request has a user account"
322 # expression: "size(request.user) > 0"
323 "description": "A String", # An optional description of the expression. This is a longer text which
324 # describes the expression, e.g. when hovered over it in a UI.
325 "expression": "A String", # Textual representation of an expression in
326 # Common Expression Language syntax.
327 #
328 # The application context of the containing message determines which
329 # well-known feature set of CEL is supported.
330 "location": "A String", # An optional string indicating the location of the expression for error
331 # reporting, e.g. a file name and a position in the file.
332 "title": "A String", # An optional title for the expression, i.e. a short string describing
333 # its purpose. This can be used e.g. in UIs which allow to enter the
334 # expression.
335 },
336 },
337 ],
338 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
339 # prevent simultaneous updates of a policy from overwriting each other.
340 # It is strongly suggested that systems make use of the `etag` in the
341 # read-modify-write cycle to perform policy updates in order to avoid race
342 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
343 # systems are expected to put that etag in the request to `setIamPolicy` to
344 # ensure that their change will be applied to the same version of the policy.
345 #
346 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
347 # policy is overwritten blindly.
348 "version": 42, # Deprecated.
349 },
350 }
351
352 x__xgafv: string, V1 error format.
353 Allowed values
354 1 - v1 error format
355 2 - v2 error format
356
357Returns:
358 An object of the form:
359
360 { # Defines an Identity and Access Management (IAM) policy. It is used to
361 # specify access control policies for Cloud Platform resources.
362 #
363 #
364 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
365 # `members` to a `role`, where the members can be user accounts, Google groups,
366 # Google domains, and service accounts. A `role` is a named list of permissions
367 # defined by IAM.
368 #
369 # **JSON Example**
370 #
371 # {
372 # "bindings": [
373 # {
374 # "role": "roles/owner",
375 # "members": [
376 # "user:mike@example.com",
377 # "group:admins@example.com",
378 # "domain:google.com",
379 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
380 # ]
381 # },
382 # {
383 # "role": "roles/viewer",
384 # "members": ["user:sean@example.com"]
385 # }
386 # ]
387 # }
388 #
389 # **YAML Example**
390 #
391 # bindings:
392 # - members:
393 # - user:mike@example.com
394 # - group:admins@example.com
395 # - domain:google.com
396 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
397 # role: roles/owner
398 # - members:
399 # - user:sean@example.com
400 # role: roles/viewer
401 #
402 #
403 # For a description of IAM and its features, see the
404 # [IAM developer's guide](https://cloud.google.com/iam/docs).
405 "bindings": [ # Associates a list of `members` to a `role`.
406 # `bindings` with no members will result in an error.
407 { # Associates `members` with a `role`.
408 "role": "A String", # Role that is assigned to `members`.
409 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
410 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
411 # `members` can have the following values:
412 #
413 # * `allUsers`: A special identifier that represents anyone who is
414 # on the internet; with or without a Google account.
415 #
416 # * `allAuthenticatedUsers`: A special identifier that represents anyone
417 # who is authenticated with a Google account or a service account.
418 #
419 # * `user:{emailid}`: An email address that represents a specific Google
420 # account. For example, `alice@gmail.com` .
421 #
422 #
423 # * `serviceAccount:{emailid}`: An email address that represents a service
424 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
425 #
426 # * `group:{emailid}`: An email address that represents a Google group.
427 # For example, `admins@example.com`.
428 #
429 #
430 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
431 # users of that domain. For example, `google.com` or `example.com`.
432 #
433 "A String",
434 ],
435 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
436 # NOTE: An unsatisfied condition will not allow user access via current
437 # binding. Different bindings, including their conditions, are examined
438 # independently.
439 #
440 # title: "User account presence"
441 # description: "Determines whether the request has a user account"
442 # expression: "size(request.user) > 0"
443 "description": "A String", # An optional description of the expression. This is a longer text which
444 # describes the expression, e.g. when hovered over it in a UI.
445 "expression": "A String", # Textual representation of an expression in
446 # Common Expression Language syntax.
447 #
448 # The application context of the containing message determines which
449 # well-known feature set of CEL is supported.
450 "location": "A String", # An optional string indicating the location of the expression for error
451 # reporting, e.g. a file name and a position in the file.
452 "title": "A String", # An optional title for the expression, i.e. a short string describing
453 # its purpose. This can be used e.g. in UIs which allow to enter the
454 # expression.
455 },
456 },
457 ],
458 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
459 # prevent simultaneous updates of a policy from overwriting each other.
460 # It is strongly suggested that systems make use of the `etag` in the
461 # read-modify-write cycle to perform policy updates in order to avoid race
462 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
463 # systems are expected to put that etag in the request to `setIamPolicy` to
464 # ensure that their change will be applied to the same version of the policy.
465 #
466 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
467 # policy is overwritten blindly.
468 "version": 42, # Deprecated.
469 }</pre>
470</div>
471
472<div class="method">
473 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
474 <pre>Returns permissions that a caller has on the Identity-Aware Proxy protected
475resource. If the resource does not exist or the caller does not have
476Identity-Aware Proxy permissions a [google.rpc.Code.PERMISSION_DENIED]
477will be returned.
478More information about managing access via IAP can be found at:
479https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
480
481Args:
482 resource: string, REQUIRED: The resource for which the policy detail is being requested.
483See the operation documentation for the appropriate value for this field. (required)
484 body: object, The request body. (required)
485 The object takes the form of:
486
487{ # Request message for `TestIamPermissions` method.
488 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
489 # wildcards (such as '*' or 'storage.*') are not allowed. For more
490 # information see
491 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
492 "A String",
493 ],
494 }
495
496 x__xgafv: string, V1 error format.
497 Allowed values
498 1 - v1 error format
499 2 - v2 error format
500
501Returns:
502 An object of the form:
503
504 { # Response message for `TestIamPermissions` method.
505 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
506 # allowed.
507 "A String",
508 ],
509 }</pre>
510</div>
511
512</body></html>