1<html><body>
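<style>

/* Reset: remove default spacing and inherit typography so the rules below
   start from a uniform baseline across browsers. */
body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

/* Page-level text size and outer padding. */
body {
  font-size: 13px;
  padding: 1em;
}

/* Heading scale. */
h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

/* Method signatures and request/response schemas are shown in monospace. */
pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

/* The generic family keyword is `sans-serif`; the unhyphenated form
   `sans serif` is read as a font named "sans serif" and gives no fallback. */
h1, h2, h3, p {
  font-family: Arial, sans-serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

/* Table-of-contents entry: the method signature line. */
.toc_element {
  margin-top: 0.5em;
}

/* One-line summary under each table-of-contents entry. A length must have
   no space between number and unit; `2 em` is invalid and the declaration
   is dropped by the browser. */
.firstline {
  margin-left: 2em;
}

/* Boxed container for one method's detailed documentation. */
.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

/* Method signature heading inside a .method box. */
.details {
  font-weight: bold;
  font-size: 14px;
}

</style>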
74
75<h1><a href="cloudkms_v1.html">Google Cloud Key Management Service (KMS) API</a> . <a href="cloudkms_v1.projects.html">projects</a> . <a href="cloudkms_v1.projects.locations.html">locations</a> . <a href="cloudkms_v1.projects.locations.keyRings.html">keyRings</a> . <a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.html">cryptoKeys</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html">cryptoKeyVersions()</a></code>
79</p>
80<p class="firstline">Returns the cryptoKeyVersions Resource.</p>
81
82<p class="toc_element">
83 <code><a href="#create">create(parent=None, body, cryptoKeyId=None, x__xgafv=None)</a></code></p>
84<p class="firstline">Create a new CryptoKey within a KeyRing.</p>
85<p class="toc_element">
86 <code><a href="#decrypt">decrypt(name=None, body, x__xgafv=None)</a></code></p>
87<p class="firstline">Decrypt data that was protected by Encrypt.</p>
88<p class="toc_element">
89 <code><a href="#encrypt">encrypt(name=None, body, x__xgafv=None)</a></code></p>
90<p class="firstline">Encrypt data, so that it can only be recovered by a call to Decrypt.</p>
91<p class="toc_element">
92 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
93<p class="firstline">Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.</p>
94<p class="toc_element">
95 <code><a href="#getIamPolicy">getIamPolicy(resource=None, x__xgafv=None)</a></code></p>
96<p class="firstline">Gets the access control policy for a resource.</p>
97<p class="toc_element">
98 <code><a href="#list">list(parent=None, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
99<p class="firstline">Lists CryptoKeys.</p>
100<p class="toc_element">
101 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
102<p class="firstline">Retrieves the next page of results.</p>
103<p class="toc_element">
104 <code><a href="#patch">patch(name=None, body, updateMask=None, x__xgafv=None)</a></code></p>
105<p class="firstline">Update a CryptoKey.</p>
106<p class="toc_element">
107 <code><a href="#setIamPolicy">setIamPolicy(resource=None, body, x__xgafv=None)</a></code></p>
108<p class="firstline">Sets the access control policy on the specified resource. Replaces any existing policy.</p>
109<p class="toc_element">
110 <code><a href="#testIamPermissions">testIamPermissions(resource=None, body, x__xgafv=None)</a></code></p>
111<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
112<p class="toc_element">
113 <code><a href="#updatePrimaryVersion">updatePrimaryVersion(name, body, x__xgafv=None)</a></code></p>
114<p class="firstline">Update the version of a CryptoKey that will be used in Encrypt.</p>
115<h3>Method Details</h3>
116<div class="method">
117 <code class="details" id="create">create(parent=None, body, cryptoKeyId=None, x__xgafv=None)</code>
118 <pre>Create a new CryptoKey within a KeyRing.
119
120CryptoKey.purpose is required.
121
122Args:
123 parent: string, Required. The name of the KeyRing associated with the
124CryptoKeys. (required)
125 body: object, The request body. (required)
126 The object takes the form of:
127
128{ # A CryptoKey represents a logical key that can be used for cryptographic
129 # operations.
130 #
131 # A CryptoKey is made up of one or more versions, which
132 # represent the actual key material used in cryptographic operations.
133 "name": "A String", # Output only. The resource name for this CryptoKey in the format
134 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
135 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
136 # automatically rotates a key. Must be at least one day.
137 #
138 # If rotation_period is set, next_rotation_time must also be set.
139 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
140 # by Encrypt when this CryptoKey is given
141 # in EncryptRequest.name.
142 #
143 # The CryptoKey's primary version can be updated via
144 # UpdateCryptoKeyPrimaryVersion.
145 # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
146 #
147 # It can be used for cryptographic operations either directly, or via its
148 # parent CryptoKey, in which case the server will choose the appropriate
149 # version for the operation.
150 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400151 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
152 # for destruction. Only present if state is
153 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700154 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400155 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
156 # destroyed. Only present if state is
157 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700158 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
159 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400160 },
161 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
162 # purpose is ENCRYPT_DECRYPT.
163 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
164 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
165 #
166 # 1. Create a new version of this CryptoKey.
167 # 2. Mark the new version as primary.
168 #
169 # Key rotations performed manually via
170 # CreateCryptoKeyVersion and
171 # UpdateCryptoKeyPrimaryVersion
172 # do not affect next_rotation_time.
173}
174
175 cryptoKeyId: string, Required. It must be unique within a KeyRing and match the regular
176expression `[a-zA-Z0-9_-]{1,63}`
177 x__xgafv: string, V1 error format.
178 Allowed values
179 1 - v1 error format
180 2 - v2 error format
181
182Returns:
183 An object of the form:
184
185 { # A CryptoKey represents a logical key that can be used for cryptographic
186 # operations.
187 #
188 # A CryptoKey is made up of one or more versions, which
189 # represent the actual key material used in cryptographic operations.
190 "name": "A String", # Output only. The resource name for this CryptoKey in the format
191 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
192 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
193 # automatically rotates a key. Must be at least one day.
194 #
195 # If rotation_period is set, next_rotation_time must also be set.
196 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
197 # by Encrypt when this CryptoKey is given
198 # in EncryptRequest.name.
199 #
200 # The CryptoKey's primary version can be updated via
201 # UpdateCryptoKeyPrimaryVersion.
202 # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
203 #
204 # It can be used for cryptographic operations either directly, or via its
205 # parent CryptoKey, in which case the server will choose the appropriate
206 # version for the operation.
207 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400208 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
209 # for destruction. Only present if state is
210 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700211 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400212 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
213 # destroyed. Only present if state is
214 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700215 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
216 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400217 },
218 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
219 # purpose is ENCRYPT_DECRYPT.
220 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
221 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
222 #
223 # 1. Create a new version of this CryptoKey.
224 # 2. Mark the new version as primary.
225 #
226 # Key rotations performed manually via
227 # CreateCryptoKeyVersion and
228 # UpdateCryptoKeyPrimaryVersion
229 # do not affect next_rotation_time.
230 }</pre>
231</div>
232
233<div class="method">
234 <code class="details" id="decrypt">decrypt(name=None, body, x__xgafv=None)</code>
235 <pre>Decrypt data that was protected by Encrypt.
236
237Args:
238 name: string, Required. The resource name of the CryptoKey to use for decryption.
239The server will choose the appropriate version. (required)
240 body: object, The request body. (required)
241 The object takes the form of:
242
243{ # Request message for KeyManagementService.Decrypt.
244 "ciphertext": "A String", # Required. The encrypted data originally returned in
245 # EncryptResponse.ciphertext.
246 "additionalAuthenticatedData": "A String", # Optional data that must match the data originally supplied in
247 # EncryptRequest.additional_authenticated_data.
248 }
249
250 x__xgafv: string, V1 error format.
251 Allowed values
252 1 - v1 error format
253 2 - v2 error format
254
255Returns:
256 An object of the form:
257
258 { # Response message for KeyManagementService.Decrypt.
259 "plaintext": "A String", # The decrypted data originally supplied in EncryptRequest.plaintext.
260 }</pre>
261</div>
262
263<div class="method">
264 <code class="details" id="encrypt">encrypt(name=None, body, x__xgafv=None)</code>
265 <pre>Encrypt data, so that it can only be recovered by a call to Decrypt.
266
267Args:
268 name: string, Required. The resource name of the CryptoKey or CryptoKeyVersion
269to use for encryption.
270
271If a CryptoKey is specified, the server will use its
272primary version. (required)
273 body: object, The request body. (required)
274 The object takes the form of:
275
276{ # Request message for KeyManagementService.Encrypt.
277 "plaintext": "A String", # Required. The data to encrypt. Must be no larger than 64KiB.
278 "additionalAuthenticatedData": "A String", # Optional data that, if specified, must also be provided during decryption
279 # through DecryptRequest.additional_authenticated_data. Must be no
280 # larger than 64KiB.
281 }
282
283 x__xgafv: string, V1 error format.
284 Allowed values
285 1 - v1 error format
286 2 - v2 error format
287
288Returns:
289 An object of the form:
290
291 { # Response message for KeyManagementService.Encrypt.
292 "ciphertext": "A String", # The encrypted data.
293 "name": "A String", # The resource name of the CryptoKeyVersion used in encryption.
294 }</pre>
295</div>
296
297<div class="method">
298 <code class="details" id="get">get(name, x__xgafv=None)</code>
299 <pre>Returns metadata for a given CryptoKey, as well as its
300primary CryptoKeyVersion.
301
302Args:
303 name: string, The name of the CryptoKey to get. (required)
304 x__xgafv: string, V1 error format.
305 Allowed values
306 1 - v1 error format
307 2 - v2 error format
308
309Returns:
310 An object of the form:
311
312 { # A CryptoKey represents a logical key that can be used for cryptographic
313 # operations.
314 #
315 # A CryptoKey is made up of one or more versions, which
316 # represent the actual key material used in cryptographic operations.
317 "name": "A String", # Output only. The resource name for this CryptoKey in the format
318 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
319 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
320 # automatically rotates a key. Must be at least one day.
321 #
322 # If rotation_period is set, next_rotation_time must also be set.
323 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
324 # by Encrypt when this CryptoKey is given
325 # in EncryptRequest.name.
326 #
327 # The CryptoKey's primary version can be updated via
328 # UpdateCryptoKeyPrimaryVersion.
329 # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
330 #
331 # It can be used for cryptographic operations either directly, or via its
332 # parent CryptoKey, in which case the server will choose the appropriate
333 # version for the operation.
334 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400335 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
336 # for destruction. Only present if state is
337 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700338 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400339 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
340 # destroyed. Only present if state is
341 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700342 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
343 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400344 },
345 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
346 # purpose is ENCRYPT_DECRYPT.
347 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
348 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
349 #
350 # 1. Create a new version of this CryptoKey.
351 # 2. Mark the new version as primary.
352 #
353 # Key rotations performed manually via
354 # CreateCryptoKeyVersion and
355 # UpdateCryptoKeyPrimaryVersion
356 # do not affect next_rotation_time.
357 }</pre>
358</div>
359
360<div class="method">
361 <code class="details" id="getIamPolicy">getIamPolicy(resource=None, x__xgafv=None)</code>
362 <pre>Gets the access control policy for a resource.
363Returns an empty policy if the resource exists and does not have a policy
364set.
365
366Args:
367 resource: string, REQUIRED: The resource for which the policy is being requested.
368See the operation documentation for the appropriate value for this field. (required)
369 x__xgafv: string, V1 error format.
370 Allowed values
371 1 - v1 error format
372 2 - v2 error format
373
374Returns:
375 An object of the form:
376
377 { # Defines an Identity and Access Management (IAM) policy. It is used to
378 # specify access control policies for Cloud Platform resources.
379 #
380 #
381 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
382 # `members` to a `role`, where the members can be user accounts, Google groups,
383 # Google domains, and service accounts. A `role` is a named list of permissions
384 # defined by IAM.
385 #
386 # **Example**
387 #
388 # {
389 # "bindings": [
390 # {
391 # "role": "roles/owner",
392 # "members": [
393 # "user:mike@example.com",
394 # "group:admins@example.com",
395 # "domain:google.com",
396 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
397 # ]
398 # },
399 # {
400 # "role": "roles/viewer",
401 # "members": ["user:sean@example.com"]
402 # }
403 # ]
404 # }
405 #
406 # For a description of IAM and its features, see the
407 # [IAM developer's guide](https://cloud.google.com/iam).
408 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
409 { # Specifies the audit configuration for a service.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700410 # The configuration determines which permission types are logged, and what
411 # identities, if any, are exempted from logging.
412 # An AuditConfig must have one or more AuditLogConfigs.
413 #
414 # If there are AuditConfigs for both `allServices` and a specific service,
415 # the union of the two AuditConfigs is used for that service: the log_types
416 # specified in each AuditConfig are enabled, and the exempted_members in each
417 # AuditConfig are exempted.
418 # Example Policy with multiple AuditConfigs:
419 # {
420 # "audit_configs": [
421 # {
422 # "service": "allServices"
423 # "audit_log_configs": [
424 # {
425 # "log_type": "DATA_READ",
426 # "exempted_members": [
427 # "user:foo@gmail.com"
428 # ]
429 # },
430 # {
431 # "log_type": "DATA_WRITE",
432 # },
433 # {
434 # "log_type": "ADMIN_READ",
435 # }
436 # ]
437 # },
438 # {
439 # "service": "fooservice@googleapis.com"
440 # "audit_log_configs": [
441 # {
442 # "log_type": "DATA_READ",
443 # },
444 # {
445 # "log_type": "DATA_WRITE",
446 # "exempted_members": [
447 # "user:bar@gmail.com"
448 # ]
449 # }
450 # ]
451 # }
452 # ]
453 # }
454 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
455 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
456 # bar@gmail.com from DATA_WRITE logging.
457 "exemptedMembers": [
458 "A String",
459 ],
460 "auditLogConfigs": [ # The configuration for logging of each type of permission.
461 # Next ID: 4
462 { # Provides the configuration for logging a type of permissions.
463 # Example:
464 #
465 # {
466 # "audit_log_configs": [
467 # {
468 # "log_type": "DATA_READ",
469 # "exempted_members": [
470 # "user:foo@gmail.com"
471 # ]
472 # },
473 # {
474 # "log_type": "DATA_WRITE",
475 # }
476 # ]
477 # }
478 #
479 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
480 # foo@gmail.com from DATA_READ logging.
481 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
482 # permission.
483 # Follows the same format of Binding.members.
484 "A String",
485 ],
486 "logType": "A String", # The log type that this config enables.
487 },
488 ],
489 "service": "A String", # Specifies a service that will be enabled for audit logging.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700490 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400491 # `allServices` is a special value that covers all services.
492 },
493 ],
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400494 "rules": [ # If more than one rule is specified, the rules are applied in the following
495 # manner:
496 # - All matching LOG rules are always applied.
497 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
498 # Logging will be applied if one or more matching rule requires logging.
499 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
500 # granted.
501 # Logging will be applied if one or more matching rule requires logging.
502 # - Otherwise, if no rule applies, permission is denied.
503 { # A rule to be applied in a Policy.
504 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
505 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
506 # The format for in and not_in entries is the same as for members in a
507 # Binding (see google/iam/v1/policy.proto).
508 "A String",
509 ],
510 "description": "A String", # Human-readable description of the rule.
511 "in": [ # If one or more 'in' clauses are specified, the rule matches if
512 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
513 "A String",
514 ],
515 "action": "A String", # Required
516 "conditions": [ # Additional restrictions that must be met
517 { # A condition to be met.
518 "iam": "A String", # Trusted attributes supplied by the IAM system.
519 "svc": "A String", # Trusted attributes discharged by the service.
520 "value": "A String", # DEPRECATED. Use 'values' instead.
521 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
522 # the IAM system for access control.
523 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
524 "A String",
525 ],
526 "op": "A String", # An operator to apply the subject with.
527 },
528 ],
529 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
530 # that match the LOG action.
531 { # Specifies what kind of log the caller must write
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400532 "counter": { # Options for counters # Counter options.
533 "field": "A String", # The field value to attribute.
534 "metric": "A String", # The metric to update.
535 },
536 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
537 },
538 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
539 },
540 },
541 ],
542 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
543 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
544 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
545 "A String",
546 ],
547 },
548 ],
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700549 "version": 42, # Version of the `Policy`. The default version is 0.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400550 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
551 # prevent simultaneous updates of a policy from overwriting each other.
552 # It is strongly suggested that systems make use of the `etag` in the
553 # read-modify-write cycle to perform policy updates in order to avoid race
554 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
555 # systems are expected to put that etag in the request to `setIamPolicy` to
556 # ensure that their change will be applied to the same version of the policy.
557 #
558 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
559 # policy is overwritten blindly.
560 "bindings": [ # Associates a list of `members` to a `role`.
561 # Multiple `bindings` must not be specified for the same `role`.
562 # `bindings` with no members will result in an error.
563 { # Associates `members` with a `role`.
564 "role": "A String", # Role that is assigned to `members`.
565 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
566 # Required
567 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
568 # `members` can have the following values:
569 #
570 # * `allUsers`: A special identifier that represents anyone who is
571 # on the internet; with or without a Google account.
572 #
573 # * `allAuthenticatedUsers`: A special identifier that represents anyone
574 # who is authenticated with a Google account or a service account.
575 # This includes accounts outside your own organization.
576 # * `user:{emailid}`: An email address that represents a specific Google
577 # account. For example, `alice@gmail.com` or `joe@example.com`.
578 #
579 #
580 # * `serviceAccount:{emailid}`: An email address that represents a service
581 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
582 #
583 # * `group:{emailid}`: An email address that represents a Google group.
584 # For example, `admins@example.com`.
585 #
586 # * `domain:{domain}`: A Google Apps domain name that represents all the
587 # users of that domain. For example, `google.com` or `example.com`.
588 #
589 "A String",
590 ],
591 },
592 ],
593 "iamOwned": True or False,
594 }</pre>
595</div>
596
597<div class="method">
598 <code class="details" id="list">list(parent=None, pageToken=None, x__xgafv=None, pageSize=None)</code>
599 <pre>Lists CryptoKeys.
600
601Args:
602 parent: string, Required. The resource name of the KeyRing to list, in the format
603`projects/*/locations/*/keyRings/*`. (required)
604 pageToken: string, Optional pagination token, returned earlier via
605ListCryptoKeysResponse.next_page_token.
606 x__xgafv: string, V1 error format.
607 Allowed values
608 1 - v1 error format
609 2 - v2 error format
610 pageSize: integer, Optional limit on the number of CryptoKeys to include in the
611response. Further CryptoKeys can subsequently be obtained by
612including the ListCryptoKeysResponse.next_page_token in a subsequent
613request. If unspecified, the server will pick an appropriate default.
614
615Returns:
616 An object of the form:
617
618 { # Response message for KeyManagementService.ListCryptoKeys.
619 "nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in
620 # ListCryptoKeysRequest.page_token to retrieve the next page of results.
621 "cryptoKeys": [ # The list of CryptoKeys.
622 { # A CryptoKey represents a logical key that can be used for cryptographic
623 # operations.
624 #
625 # A CryptoKey is made up of one or more versions, which
626 # represent the actual key material used in cryptographic operations.
627 "name": "A String", # Output only. The resource name for this CryptoKey in the format
628 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
629 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
630 # automatically rotates a key. Must be at least one day.
631 #
632 # If rotation_period is set, next_rotation_time must also be set.
633 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
634 # by Encrypt when this CryptoKey is given
635 # in EncryptRequest.name.
636 #
637 # The CryptoKey's primary version can be updated via
638 # UpdateCryptoKeyPrimaryVersion.
639 # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
640 #
641 # It can be used for cryptographic operations either directly, or via its
642 # parent CryptoKey, in which case the server will choose the appropriate
643 # version for the operation.
644 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400645 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
646 # for destruction. Only present if state is
647 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700648 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400649 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
650 # destroyed. Only present if state is
651 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700652 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
653 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400654 },
655 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
656 # purpose is ENCRYPT_DECRYPT.
657 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
658 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
659 #
660 # 1. Create a new version of this CryptoKey.
661 # 2. Mark the new version as primary.
662 #
663 # Key rotations performed manually via
664 # CreateCryptoKeyVersion and
665 # UpdateCryptoKeyPrimaryVersion
666 # do not affect next_rotation_time.
667 },
668 ],
669 "totalSize": 42, # The total number of CryptoKeys that matched the query.
670 }</pre>
671</div>
672
673<div class="method">
674 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
675 <pre>Retrieves the next page of results.
676
677Args:
678 previous_request: The request for the previous page. (required)
679 previous_response: The response from the request for the previous page. (required)
680
681Returns:
682 A request object that you can call 'execute()' on to request the next
683 page. Returns None if there are no more items in the collection.
684 </pre>
685</div>
686
687<div class="method">
688 <code class="details" id="patch">patch(name=None, body, updateMask=None, x__xgafv=None)</code>
689 <pre>Update a CryptoKey.
690
691Args:
692 name: string, Output only. The resource name for this CryptoKey in the format
693`projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required)
694 body: object, The request body. (required)
695 The object takes the form of:
696
697{ # A CryptoKey represents a logical key that can be used for cryptographic
698 # operations.
699 #
700 # A CryptoKey is made up of one or more versions, which
701 # represent the actual key material used in cryptographic operations.
702 "name": "A String", # Output only. The resource name for this CryptoKey in the format
703 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
704 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
705 # automatically rotates a key. Must be at least one day.
706 #
707 # If rotation_period is set, next_rotation_time must also be set.
708 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
709 # by Encrypt when this CryptoKey is given
710 # in EncryptRequest.name.
711 #
712 # The CryptoKey's primary version can be updated via
713 # UpdateCryptoKeyPrimaryVersion.
714 # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
715 #
716 # It can be used for cryptographic operations either directly, or via its
717 # parent CryptoKey, in which case the server will choose the appropriate
718 # version for the operation.
719 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400720 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
721 # for destruction. Only present if state is
722 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700723 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400724 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
725 # destroyed. Only present if state is
726 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700727 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
728 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400729 },
730 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
731 # purpose is ENCRYPT_DECRYPT.
732 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
733 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
734 #
735 # 1. Create a new version of this CryptoKey.
736 # 2. Mark the new version as primary.
737 #
738 # Key rotations performed manually via
739 # CreateCryptoKeyVersion and
740 # UpdateCryptoKeyPrimaryVersion
741 # do not affect next_rotation_time.
742}
743
744 updateMask: string, Required list of fields to be updated in this request.
745 x__xgafv: string, V1 error format.
746 Allowed values
747 1 - v1 error format
748 2 - v2 error format
749
750Returns:
751 An object of the form:
752
753 { # A CryptoKey represents a logical key that can be used for cryptographic
754 # operations.
755 #
756 # A CryptoKey is made up of one or more versions, which
757 # represent the actual key material used in cryptographic operations.
758 "name": "A String", # Output only. The resource name for this CryptoKey in the format
759 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
760 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
761 # automatically rotates a key. Must be at least one day.
762 #
763 # If rotation_period is set, next_rotation_time must also be set.
764 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
765 # by Encrypt when this CryptoKey is given
766 # in EncryptRequest.name.
767 #
768 # The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.
769 #
770 # A CryptoKeyVersion represents an individual cryptographic key, and the
771 # associated key material.
772 # It can be used for cryptographic operations either directly, or via its
773 # parent CryptoKey, in which case the server will choose the appropriate
774 # version for the operation.
775 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400776 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
777 # for destruction. Only present if state is
778 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700779 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400780 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
781 # destroyed. Only present if state is
782 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700783 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
784 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400785 },
786 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
787 # purpose is ENCRYPT_DECRYPT.
788 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
789 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
790 #
791 # 1. Create a new version of this CryptoKey.
792 # 2. Mark the new version as primary.
793 #
794 # Key rotations performed manually via
795 # CreateCryptoKeyVersion and
796 # UpdateCryptoKeyPrimaryVersion
797 # do not affect next_rotation_time.
798 }</pre>
799</div>
800
801<div class="method">
802 <code class="details" id="setIamPolicy">setIamPolicy(resource=None, body, x__xgafv=None)</code>
803 <pre>Sets the access control policy on the specified resource. Replaces any
804existing policy.
805
806Args:
807 resource: string, REQUIRED: The resource for which the policy is being specified.
808See the operation documentation for the appropriate value for this field. (required)
809 body: object, The request body. (required)
810 The object takes the form of:
811
812{ # Request message for `SetIamPolicy` method.
813 "policy": { # REQUIRED: The complete policy to be applied to the `resource`. The size of
814 # the policy is limited to a few 10s of KB. An empty policy is a
815 # valid policy but certain Cloud Platform services (such as Projects)
816 # might reject it.
817 #
818 # Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
819 #
820 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
821 # `members` to a `role`, where the members can be user accounts, Google groups,
822 # Google domains, and service accounts. A `role` is a named list of permissions
823 # defined by IAM.
824 #
825 # **Example**
826 #
827 # {
828 # "bindings": [
829 # {
830 # "role": "roles/owner",
831 # "members": [
832 # "user:mike@example.com",
833 # "group:admins@example.com",
834 # "domain:google.com",
835 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
836 # ]
837 # },
838 # {
839 # "role": "roles/viewer",
840 # "members": ["user:sean@example.com"]
841 # }
842 # ]
843 # }
844 #
845 # For a description of IAM and its features, see the
846 # [IAM developer's guide](https://cloud.google.com/iam).
847 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
848 { # Specifies the audit configuration for a service.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700849 # The configuration determines which permission types are logged, and what
850 # identities, if any, are exempted from logging.
851 # An AuditConfig must have one or more AuditLogConfigs.
852 #
853 # If there are AuditConfigs for both `allServices` and a specific service,
854 # the union of the two AuditConfigs is used for that service: the log_types
855 # specified in each AuditConfig are enabled, and the exempted_members in each
856 # AuditConfig are exempted.
857 # Example Policy with multiple AuditConfigs:
858 # {
859 # "audit_configs": [
860 # {
861 # "service": "allServices"
862 # "audit_log_configs": [
863 # {
864 # "log_type": "DATA_READ",
865 # "exempted_members": [
866 # "user:foo@gmail.com"
867 # ]
868 # },
869 # {
870 # "log_type": "DATA_WRITE",
871 # },
872 # {
873 # "log_type": "ADMIN_READ",
874 # }
875 # ]
876 # },
877 # {
878 # "service": "fooservice@googleapis.com"
879 # "audit_log_configs": [
880 # {
881 # "log_type": "DATA_READ",
882 # },
883 # {
884 # "log_type": "DATA_WRITE",
885 # "exempted_members": [
886 # "user:bar@gmail.com"
887 # ]
888 # }
889 # ]
890 # }
891 # ]
892 # }
893 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
894 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
895 # bar@gmail.com from DATA_WRITE logging.
896 "exemptedMembers": [
897 "A String",
898 ],
899 "auditLogConfigs": [ # The configuration for logging of each type of permission.
900 # Next ID: 4
901 { # Provides the configuration for logging a type of permissions.
902 # Example:
903 #
904 # {
905 # "audit_log_configs": [
906 # {
907 # "log_type": "DATA_READ",
908 # "exempted_members": [
909 # "user:foo@gmail.com"
910 # ]
911 # },
912 # {
913 # "log_type": "DATA_WRITE",
914 # }
915 # ]
916 # }
917 #
918 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
919 # foo@gmail.com from DATA_READ logging.
920 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
921 # permission.
922 # Follows the same format of Binding.members.
923 "A String",
924 ],
925 "logType": "A String", # The log type that this config enables.
926 },
927 ],
928 "service": "A String", # Specifies a service that will be enabled for audit logging.
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700929 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400930 # `allServices` is a special value that covers all services.
931 },
932 ],
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400933 "rules": [ # If more than one rule is specified, the rules are applied in the following
934 # manner:
935 # - All matching LOG rules are always applied.
936 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
937 # Logging will be applied if one or more matching rule requires logging.
938 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
939 # granted.
940 # Logging will be applied if one or more matching rule requires logging.
941 # - Otherwise, if no rule applies, permission is denied.
942 { # A rule to be applied in a Policy.
943 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
944 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
945 # The format for in and not_in entries is the same as for members in a
946 # Binding (see google/iam/v1/policy.proto).
947 "A String",
948 ],
949 "description": "A String", # Human-readable description of the rule.
950 "in": [ # If one or more 'in' clauses are specified, the rule matches if
951 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
952 "A String",
953 ],
954 "action": "A String", # Required
955 "conditions": [ # Additional restrictions that must be met
956 { # A condition to be met.
957 "iam": "A String", # Trusted attributes supplied by the IAM system.
958 "svc": "A String", # Trusted attributes discharged by the service.
959 "value": "A String", # DEPRECATED. Use 'values' instead.
960 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
961 # the IAM system for access control.
962 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
963 "A String",
964 ],
965 "op": "A String", # An operator to apply the subject with.
966 },
967 ],
968 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
969 # that match the LOG action.
970 { # Specifies what kind of log the caller must write
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400971 "counter": { # Options for counters # Counter options.
972 "field": "A String", # The field value to attribute.
973 "metric": "A String", # The metric to update.
974 },
975 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
976 },
977 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
978 },
979 },
980 ],
981 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
982 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
983 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
984 "A String",
985 ],
986 },
987 ],
Sai Cheemalapatie833b792017-03-24 15:06:46 -0700988 "version": 42, # Version of the `Policy`. The default version is 0.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400989 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
990 # prevent simultaneous updates of a policy from overwriting each other.
991 # It is strongly suggested that systems make use of the `etag` in the
992 # read-modify-write cycle to perform policy updates in order to avoid race
993 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
994 # systems are expected to put that etag in the request to `setIamPolicy` to
995 # ensure that their change will be applied to the same version of the policy.
996 #
997 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
998 # policy is overwritten blindly.
999 "bindings": [ # Associates a list of `members` to a `role`.
1000 # Multiple `bindings` must not be specified for the same `role`.
1001 # `bindings` with no members will result in an error.
1002 { # Associates `members` with a `role`.
1003 "role": "A String", # Role that is assigned to `members`.
1004 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1005 # Required
1006 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1007 # `members` can have the following values:
1008 #
1009 # * `allUsers`: A special identifier that represents anyone who is
1010 # on the internet; with or without a Google account.
1011 #
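1012 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1013 # who is authenticated with a Google account or a service account. A binding that names `allUsers` or `allAuthenticatedUsers` grants the role on this resource to every such caller, so review any policy containing them before it is set.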
1014 #
1015 # * `user:{emailid}`: An email address that represents a specific Google
1016 # account. For example, `alice@gmail.com` or `joe@example.com`.
1017 #
1018 #
1019 # * `serviceAccount:{emailid}`: An email address that represents a service
1020 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1021 #
1022 # * `group:{emailid}`: An email address that represents a Google group.
1023 # For example, `admins@example.com`.
1024 #
1025 # * `domain:{domain}`: A Google Apps domain name that represents all the
1026 # users of that domain. For example, `google.com` or `example.com`.
1027 #
1028 "A String",
1029 ],
1030 },
1031 ],
1032 "iamOwned": True or False,
1033 },
1034 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001035 # the fields in the mask will be modified. If no mask is provided, the
1036 # following default mask is used:
1037 # paths: "bindings, etag"
1038 # With that default mask, other fields of the submitted policy, such as `auditConfigs`, are not modified. This field is only used by Cloud IAM.
1039 }
1040
1041 x__xgafv: string, V1 error format.
1042 Allowed values
1043 1 - v1 error format
1044 2 - v2 error format
1045
1046Returns:
1047 An object of the form:
1048
1049 { # Defines an Identity and Access Management (IAM) policy. It is used to
1050 # specify access control policies for Cloud Platform resources.
1051 #
1052 #
1053 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
1054 # `members` to a `role`, where the members can be user accounts, Google groups,
1055 # Google domains, and service accounts. A `role` is a named list of permissions
1056 # defined by IAM.
1057 #
1058 # **Example**
1059 #
1060 # {
1061 # "bindings": [
1062 # {
1063 # "role": "roles/owner",
1064 # "members": [
1065 # "user:mike@example.com",
1066 # "group:admins@example.com",
1067 # "domain:google.com",
1068 # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
1069 # ]
1070 # },
1071 # {
1072 # "role": "roles/viewer",
1073 # "members": ["user:sean@example.com"]
1074 # }
1075 # ]
1076 # }
1077 #
1078 # For a description of IAM and its features, see the
1079 # [IAM developer's guide](https://cloud.google.com/iam).
1080 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
1081 { # Specifies the audit configuration for a service.
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001082 # The configuration determines which permission types are logged, and what
1083 # identities, if any, are exempted from logging.
1084 # An AuditConfig must have one or more AuditLogConfigs.
1085 #
1086 # If there are AuditConfigs for both `allServices` and a specific service,
1087 # the union of the two AuditConfigs is used for that service: the log_types
1088 # specified in each AuditConfig are enabled, and the exempted_members in each
1089 # AuditConfig are exempted.
1090 # Example Policy with multiple AuditConfigs:
1091 # {
1092 # "audit_configs": [
1093 # {
1094 # "service": "allServices"
1095 # "audit_log_configs": [
1096 # {
1097 # "log_type": "DATA_READ",
1098 # "exempted_members": [
1099 # "user:foo@gmail.com"
1100 # ]
1101 # },
1102 # {
1103 # "log_type": "DATA_WRITE",
1104 # },
1105 # {
1106 # "log_type": "ADMIN_READ",
1107 # }
1108 # ]
1109 # },
1110 # {
1111 # "service": "fooservice@googleapis.com"
1112 # "audit_log_configs": [
1113 # {
1114 # "log_type": "DATA_READ",
1115 # },
1116 # {
1117 # "log_type": "DATA_WRITE",
1118 # "exempted_members": [
1119 # "user:bar@gmail.com"
1120 # ]
1121 # }
1122 # ]
1123 # }
1124 # ]
1125 # }
1126 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1127 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
1128 # bar@gmail.com from DATA_WRITE logging.
1129 "exemptedMembers": [
1130 "A String",
1131 ],
1132 "auditLogConfigs": [ # The configuration for logging of each type of permission.
1133 # Next ID: 4
1134 { # Provides the configuration for logging a type of permissions.
1135 # Example:
1136 #
1137 # {
1138 # "audit_log_configs": [
1139 # {
1140 # "log_type": "DATA_READ",
1141 # "exempted_members": [
1142 # "user:foo@gmail.com"
1143 # ]
1144 # },
1145 # {
1146 # "log_type": "DATA_WRITE",
1147 # }
1148 # ]
1149 # }
1150 #
1151 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
1152 # foo@gmail.com from DATA_READ logging.
1153 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
1154 # permission.
1155 # Follows the same format of Binding.members.
1156 "A String",
1157 ],
1158 "logType": "A String", # The log type that this config enables.
1159 },
1160 ],
1161 "service": "A String", # Specifies a service that will be enabled for audit logging.
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001162 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001163 # `allServices` is a special value that covers all services.
1164 },
1165 ],
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001166 "rules": [ # If more than one rule is specified, the rules are applied in the following
1167 # manner:
1168 # - All matching LOG rules are always applied.
1169 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied.
1170 # Logging will be applied if one or more matching rule requires logging.
1171 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is
1172 # granted.
1173 # Logging will be applied if one or more matching rule requires logging.
1174 # - Otherwise, if no rule applies, permission is denied.
1175 { # A rule to be applied in a Policy.
1176 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches
1177 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.
1178 # The format for in and not_in entries is the same as for members in a
1179 # Binding (see google/iam/v1/policy.proto).
1180 "A String",
1181 ],
1182 "description": "A String", # Human-readable description of the rule.
1183 "in": [ # If one or more 'in' clauses are specified, the rule matches if
1184 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries.
1185 "A String",
1186 ],
1187 "action": "A String", # Required
1188 "conditions": [ # Additional restrictions that must be met
1189 { # A condition to be met.
1190 "iam": "A String", # Trusted attributes supplied by the IAM system.
1191 "svc": "A String", # Trusted attributes discharged by the service.
1192 "value": "A String", # DEPRECATED. Use 'values' instead.
1193 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses
1194 # the IAM system for access control.
1195 "values": [ # The objects of the condition. This is mutually exclusive with 'value'.
1196 "A String",
1197 ],
1198 "op": "A String", # An operator to apply the subject with.
1199 },
1200 ],
1201 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries
1202 # that match the LOG action.
1203 { # Specifies what kind of log the caller must write
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001204 "counter": { # Options for counters # Counter options.
1205 "field": "A String", # The field value to attribute.
1206 "metric": "A String", # The metric to update.
1207 },
1208 "dataAccess": { # Write a Data Access (Gin) log # Data access options.
1209 },
1210 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options.
1211 },
1212 },
1213 ],
1214 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>'
1215 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions,
1216 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs.
1217 "A String",
1218 ],
1219 },
1220 ],
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001221 "version": 42, # Version of the `Policy`. The default version is 0.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001222 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1223 # prevent simultaneous updates of a policy from overwriting each other.
1224 # It is strongly suggested that systems make use of the `etag` in the
1225 # read-modify-write cycle to perform policy updates in order to avoid race
1226 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1227 # systems are expected to put that etag in the request to `setIamPolicy` to
1228 # ensure that their change will be applied to the same version of the policy.
1229 #
1230 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
1231 # policy is overwritten blindly.
1232 "bindings": [ # Associates a list of `members` to a `role`.
1233 # Multiple `bindings` must not be specified for the same `role`.
1234 # `bindings` with no members will result in an error.
1235 { # Associates `members` with a `role`.
1236 "role": "A String", # Role that is assigned to `members`.
1237 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1238 # Required
1239 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1240 # `members` can have the following values:
1241 #
1242 # * `allUsers`: A special identifier that represents anyone who is
1243 # on the internet; with or without a Google account.
1244 #
1245 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1246 # who is authenticated with a Google account or a service account.
1247 #
1248 # * `user:{emailid}`: An email address that represents a specific Google
1249 # account. For example, `alice@gmail.com` or `joe@example.com`.
1250 #
1251 #
1252 # * `serviceAccount:{emailid}`: An email address that represents a service
1253 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1254 #
1255 # * `group:{emailid}`: An email address that represents a Google group.
1256 # For example, `admins@example.com`.
1257 #
1258 # * `domain:{domain}`: A Google Apps domain name that represents all the
1259 # users of that domain. For example, `google.com` or `example.com`.
1260 #
1261 "A String",
1262 ],
1263 },
1264 ],
1265 "iamOwned": True or False,
1266 }</pre>
1267</div>
1268
1269<div class="method">
1270 <code class="details" id="testIamPermissions">testIamPermissions(resource=None, body, x__xgafv=None)</code>
1271 <pre>Returns permissions that a caller has on the specified resource.
1272If the resource does not exist, this will return an empty set of
1273permissions, not a NOT_FOUND error.
1274
1275Note: This operation is designed to be used for building permission-aware
1276UIs and command-line tools, not for authorization checking. This operation
1277may "fail open" without warning.
1278
1279Args:
1280 resource: string, REQUIRED: The resource for which the policy detail is being requested.
1281See the operation documentation for the appropriate value for this field. (required)
1282 body: object, The request body. (required)
1283 The object takes the form of:
1284
1285{ # Request message for `TestIamPermissions` method.
1286 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
1287 # wildcards (such as '*' or 'storage.*') are not allowed. For more
1288 # information see
1289 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
1290 "A String",
1291 ],
1292 }
1293
1294 x__xgafv: string, V1 error format.
1295 Allowed values
1296 1 - v1 error format
1297 2 - v2 error format
1298
1299Returns:
1300 An object of the form:
1301
1302 { # Response message for `TestIamPermissions` method.
1303 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
1304 # allowed.
1305 "A String",
1306 ],
1307 }</pre>
1308</div>
1309
1310<div class="method">
1311 <code class="details" id="updatePrimaryVersion">updatePrimaryVersion(name, body, x__xgafv=None)</code>
1312 <pre>Update the version of a CryptoKey that will be used in Encrypt.
1313
1314Args:
1315 name: string, The resource name of the CryptoKey to update. (required)
1316 body: object, The request body. (required)
1317 The object takes the form of:
1318
1319{ # Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
1320 "cryptoKeyVersionId": "A String", # The id of the child CryptoKeyVersion to use as primary.
1321 }
1322
1323 x__xgafv: string, V1 error format.
1324 Allowed values
1325 1 - v1 error format
1326 2 - v2 error format
1327
1328Returns:
1329 An object of the form:
1330
1331 { # A CryptoKey represents a logical key that can be used for cryptographic
1332 # operations.
1333 #
1334 # A CryptoKey is made up of one or more versions, which
1335 # represent the actual key material used in cryptographic operations.
1336 "name": "A String", # Output only. The resource name for this CryptoKey in the format
1337 # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
1338 "rotationPeriod": "A String", # next_rotation_time will be advanced by this period when the service
1339 # automatically rotates a key. Must be at least one day.
1340 #
1341 # If rotation_period is set, next_rotation_time must also be set.
1342 "primary": { # Output only. A copy of the "primary" CryptoKeyVersion that will be used
1343 # by Encrypt when this CryptoKey is given
1344 # in EncryptRequest.name.
1345 #
1346 # The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.
1347 #
1348 # A CryptoKeyVersion represents an individual cryptographic key, and the
1349 # associated key material.
1350 # It can be used for cryptographic operations either directly, or via its
1351 # parent CryptoKey, in which case the server will choose the appropriate
1352 # version for the operation.
1353 "state": "A String", # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001354 "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
1355 # for destruction. Only present if state is
1356 # DESTROY_SCHEDULED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001357 "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001358 "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
1359 # destroyed. Only present if state is
1360 # DESTROYED.
Sai Cheemalapatie833b792017-03-24 15:06:46 -07001361 "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
1362 # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001363 },
1364 "purpose": "A String", # The immutable purpose of this CryptoKey. Currently, the only acceptable
1365 # purpose is ENCRYPT_DECRYPT.
1366 "createTime": "A String", # Output only. The time at which this CryptoKey was created.
1367 "nextRotationTime": "A String", # At next_rotation_time, the Key Management Service will automatically:
1368 #
1369 # 1. Create a new version of this CryptoKey.
1370 # 2. Mark the new version as primary.
1371 #
1372 # Key rotations performed manually via
1373 # CreateCryptoKeyVersion and
1374 # UpdateCryptoKeyPrimaryVersion
1375 # do not affect next_rotation_time.
1376 }</pre>
1377</div>
1378
1379</body></html>