get(name, organizationId=None, x__xgafv=None)
Fetches an Organization resource identified by the specified resource name.
getIamPolicy(resource, body, x__xgafv=None)
Gets the access control policy for an Organization resource. May be empty
list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)
Lists Organization resources that are visible to the user and satisfy
list_next(previous_request, previous_response)
Retrieves the next page of results.
setIamPolicy(resource, body, x__xgafv=None)
Sets the access control policy on an Organization resource. Replaces any
testIamPermissions(resource, body, x__xgafv=None)
Returns permissions that a caller has on the specified Organization.
update(name, body, x__xgafv=None)
Updates an Organization resource identified by the specified resource name.
get(name, organizationId=None, x__xgafv=None)
Fetches an Organization resource identified by the specified resource name. Args: name: string, The resource name of the Organization to fetch, e.g. "organizations/1234". (required) organizationId: string, The id of the Organization resource to fetch. This field is deprecated and will be removed in v1. Use name instead. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # The root node in the resource hierarchy to which a particular entity's # (e.g., company) resources belong. "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. # Assigned by the server, set to the primary domain of the G Suite # customer that owns the organization. # @OutputOnly "name": "A String", # Output Only. The resource name of the organization. This is the # organization's relative path in the API. Its format is # "organizations/[organization_id]". For example, "organizations/1234". "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This # should be omitted when creating a new Organization. # This field is read-only. # This field is deprecated and will be removed in v1. Use name instead. "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. # @OutputOnly "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. # @OutputOnly "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on # creation. Once set, it cannot be changed. # This field is required. # all of its descendants are bound to the `OrganizationOwner`. If the # `OrganizationOwner` is deleted, the Organization and all its descendants will # be deleted. "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. }, }
getIamPolicy(resource, body, x__xgafv=None)
Gets the access control policy for an Organization resource. May be empty if no such policy or resource exists. The `resource` field should be the organization's resource name, e.g. "organizations/123". Args: resource: string, REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. (required) body: object, The request body. (required) The object takes the form of: { # Request message for `GetIamPolicy` method. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Defines an Identity and Access Management (IAM) policy. It is used to # specify access control policies for Cloud Platform resources. # # # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of # `members` to a `role`, where the members can be user accounts, Google groups, # Google domains, and service accounts. A `role` is a named list of permissions # defined by IAM. # # **Example** # # { # "bindings": [ # { # "role": "roles/owner", # "members": [ # "user:mike@example.com", # "group:admins@example.com", # "domain:google.com", # "serviceAccount:my-other-app@appspot.gserviceaccount.com", # ] # }, # { # "role": "roles/viewer", # "members": ["user:sean@example.com"] # } # ] # } # # For a description of IAM and its features, see the # [IAM developer's guide](https://cloud.google.com/iam). "bindings": [ # Associates a list of `members` to a `role`. # Multiple `bindings` must not be specified for the same `role`. # `bindings` with no members will result in an error. { # Associates `members` with a `role`. "role": "A String", # Role that is assigned to `members`. # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. # Required "members": [ # Specifies the identities requesting access for a Cloud Platform resource. # `members` can have the following values: # # * `allUsers`: A special identifier that represents anyone who is # on the internet; with or without a Google account. # # * `allAuthenticatedUsers`: A special identifier that represents anyone # who is authenticated with a Google account or a service account. # # * `user:{emailid}`: An email address that represents a specific Google # account. For example, `alice@gmail.com` or `joe@example.com`. # # # * `serviceAccount:{emailid}`: An email address that represents a service # account. For example, `my-other-app@appspot.gserviceaccount.com`. # # * `group:{emailid}`: An email address that represents a Google group. # For example, `admins@example.com`. # # # * `domain:{domain}`: A Google Apps domain name that represents all the # users of that domain. For example, `google.com` or `example.com`. # "A String", ], }, ], "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. # The configuration determines which permission types are logged, and what # identities, if any, are exempted from logging. # An AuditConfig must have one or more AuditLogConfigs. # # If there are AuditConfigs for both `allServices` and a specific service, # the union of the two AuditConfigs is used for that service: the log_types # specified in each AuditConfig are enabled, and the exempted_members in each # AuditConfig are exempted. # # Example Policy with multiple AuditConfigs: # # { # "audit_configs": [ # { # "service": "allServices" # "audit_log_configs": [ # { # "log_type": "DATA_READ", # "exempted_members": [ # "user:foo@gmail.com" # ] # }, # { # "log_type": "DATA_WRITE", # }, # { # "log_type": "ADMIN_READ", # } # ] # }, # { # "service": "fooservice.googleapis.com" # "audit_log_configs": [ # { # "log_type": "DATA_READ", # }, # { # "log_type": "DATA_WRITE", # "exempted_members": [ # "user:bar@gmail.com" # ] # } # ] # } # ] # } # # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ # logging. It also exempts foo@gmail.com from DATA_READ logging, and # bar@gmail.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. # Next ID: 4 { # Provides the configuration for logging a type of permissions. # Example: # # { # "audit_log_configs": [ # { # "log_type": "DATA_READ", # "exempted_members": [ # "user:foo@gmail.com" # ] # }, # { # "log_type": "DATA_WRITE", # } # ] # } # # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting # foo@gmail.com from DATA_READ logging. "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of # permission. # Follows the same format of Binding.members. "A String", ], "logType": "A String", # The log type that this config enables. }, ], "service": "A String", # Specifies a service that will be enabled for audit logging. # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. # `allServices` is a special value that covers all services. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help # prevent simultaneous updates of a policy from overwriting each other. # It is strongly suggested that systems make use of the `etag` in the # read-modify-write cycle to perform policy updates in order to avoid race # conditions: An `etag` is returned in the response to `getIamPolicy`, and # systems are expected to put that etag in the request to `setIamPolicy` to # ensure that their change will be applied to the same version of the policy. # # If no `etag` is provided in the call to `setIamPolicy`, then the existing # policy is overwritten blindly. "version": 42, # Version of the `Policy`. The default version is 0. }
list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)
Lists Organization resources that are visible to the user and satisfy the specified filter. This method returns Organizations in an unspecified order. New Organizations do not necessarily appear at the end of the list. Args: pageSize: integer, The maximum number of Organizations to return in the response. This field is optional. filter: string, An optional query string used to filter the Organizations to return in the response. Filter rules are case-insensitive. Organizations may be filtered by `owner.directoryCustomerId` or by `domain`, where the domain is a Google for Work domain, for example: |Filter|Description| |------|-----------| |owner.directorycustomerid:123456789|Organizations with `owner.directory_customer_id` equal to `123456789`.| |domain:google.com|Organizations corresponding to the domain `google.com`.| This field is optional. pageToken: string, A pagination token returned from a previous call to `ListOrganizations` that indicates from where listing should continue. This field is optional. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # The response returned from the `ListOrganizations` method. "nextPageToken": "A String", # A pagination token to be used to retrieve the next page of results. If the # result is too large to fit within the page size specified in the request, # this field will be set with a token that can be used to fetch the next page # of results. If this field is empty, it indicates that this response # contains the last page of results. "organizations": [ # The list of Organizations that matched the list query, possibly paginated. { # The root node in the resource hierarchy to which a particular entity's # (e.g., company) resources belong. "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. # Assigned by the server, set to the primary domain of the G Suite # customer that owns the organization. # @OutputOnly "name": "A String", # Output Only. The resource name of the organization. This is the # organization's relative path in the API. Its format is # "organizations/[organization_id]". For example, "organizations/1234". "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This # should be omitted when creating a new Organization. # This field is read-only. # This field is deprecated and will be removed in v1. Use name instead. "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. # @OutputOnly "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. # @OutputOnly "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on # creation. Once set, it cannot be changed. # This field is required. # all of its descendants are bound to the `OrganizationOwner`. If the # `OrganizationOwner` is deleted, the Organization and all its descendants will # be deleted. "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. }, }, ], }
list_next(previous_request, previous_response)
Retrieves the next page of results. Args: previous_request: The request for the previous page. (required) previous_response: The response from the request for the previous page. (required) Returns: A request object that you can call 'execute()' on to request the next page. Returns None if there are no more items in the collection.
setIamPolicy(resource, body, x__xgafv=None)
Sets the access control policy on an Organization resource. Replaces any existing policy. The `resource` field should be the organization's resource name, e.g. "organizations/123". Args: resource: string, REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. (required) body: object, The request body. (required) The object takes the form of: { # Request message for `SetIamPolicy` method. "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of # the policy is limited to a few 10s of KB. An empty policy is a # valid policy but certain Cloud Platform services (such as Projects) # might reject them. # specify access control policies for Cloud Platform resources. # # # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of # `members` to a `role`, where the members can be user accounts, Google groups, # Google domains, and service accounts. A `role` is a named list of permissions # defined by IAM. # # **Example** # # { # "bindings": [ # { # "role": "roles/owner", # "members": [ # "user:mike@example.com", # "group:admins@example.com", # "domain:google.com", # "serviceAccount:my-other-app@appspot.gserviceaccount.com", # ] # }, # { # "role": "roles/viewer", # "members": ["user:sean@example.com"] # } # ] # } # # For a description of IAM and its features, see the # [IAM developer's guide](https://cloud.google.com/iam). "bindings": [ # Associates a list of `members` to a `role`. # Multiple `bindings` must not be specified for the same `role`. # `bindings` with no members will result in an error. { # Associates `members` with a `role`. "role": "A String", # Role that is assigned to `members`. # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. # Required "members": [ # Specifies the identities requesting access for a Cloud Platform resource. # `members` can have the following values: # # * `allUsers`: A special identifier that represents anyone who is # on the internet; with or without a Google account. # # * `allAuthenticatedUsers`: A special identifier that represents anyone # who is authenticated with a Google account or a service account. # # * `user:{emailid}`: An email address that represents a specific Google # account. For example, `alice@gmail.com` or `joe@example.com`. # # # * `serviceAccount:{emailid}`: An email address that represents a service # account. For example, `my-other-app@appspot.gserviceaccount.com`. # # * `group:{emailid}`: An email address that represents a Google group. # For example, `admins@example.com`. # # # * `domain:{domain}`: A Google Apps domain name that represents all the # users of that domain. For example, `google.com` or `example.com`. # "A String", ], }, ], "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. # The configuration determines which permission types are logged, and what # identities, if any, are exempted from logging. # An AuditConfig must have one or more AuditLogConfigs. # # If there are AuditConfigs for both `allServices` and a specific service, # the union of the two AuditConfigs is used for that service: the log_types # specified in each AuditConfig are enabled, and the exempted_members in each # AuditConfig are exempted. # # Example Policy with multiple AuditConfigs: # # { # "audit_configs": [ # { # "service": "allServices" # "audit_log_configs": [ # { # "log_type": "DATA_READ", # "exempted_members": [ # "user:foo@gmail.com" # ] # }, # { # "log_type": "DATA_WRITE", # }, # { # "log_type": "ADMIN_READ", # } # ] # }, # { # "service": "fooservice.googleapis.com" # "audit_log_configs": [ # { # "log_type": "DATA_READ", # }, # { # "log_type": "DATA_WRITE", # "exempted_members": [ # "user:bar@gmail.com" # ] # } # ] # } # ] # } # # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ # logging. It also exempts foo@gmail.com from DATA_READ logging, and # bar@gmail.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. # Next ID: 4 { # Provides the configuration for logging a type of permissions. # Example: # # { # "audit_log_configs": [ # { # "log_type": "DATA_READ", # "exempted_members": [ # "user:foo@gmail.com" # ] # }, # { # "log_type": "DATA_WRITE", # } # ] # } # # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting # foo@gmail.com from DATA_READ logging. "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of # permission. # Follows the same format of Binding.members. "A String", ], "logType": "A String", # The log type that this config enables. }, ], "service": "A String", # Specifies a service that will be enabled for audit logging. # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. # `allServices` is a special value that covers all services. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help # prevent simultaneous updates of a policy from overwriting each other. # It is strongly suggested that systems make use of the `etag` in the # read-modify-write cycle to perform policy updates in order to avoid race # conditions: An `etag` is returned in the response to `getIamPolicy`, and # systems are expected to put that etag in the request to `setIamPolicy` to # ensure that their change will be applied to the same version of the policy. # # If no `etag` is provided in the call to `setIamPolicy`, then the existing # policy is overwritten blindly. "version": 42, # Version of the `Policy`. The default version is 0. }, "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only # the fields in the mask will be modified. If no mask is provided, the # following default mask is used: # paths: "bindings, etag" # This field is only used by Cloud IAM. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Defines an Identity and Access Management (IAM) policy. It is used to # specify access control policies for Cloud Platform resources. # # # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of # `members` to a `role`, where the members can be user accounts, Google groups, # Google domains, and service accounts. A `role` is a named list of permissions # defined by IAM. # # **Example** # # { # "bindings": [ # { # "role": "roles/owner", # "members": [ # "user:mike@example.com", # "group:admins@example.com", # "domain:google.com", # "serviceAccount:my-other-app@appspot.gserviceaccount.com", # ] # }, # { # "role": "roles/viewer", # "members": ["user:sean@example.com"] # } # ] # } # # For a description of IAM and its features, see the # [IAM developer's guide](https://cloud.google.com/iam). "bindings": [ # Associates a list of `members` to a `role`. # Multiple `bindings` must not be specified for the same `role`. # `bindings` with no members will result in an error. { # Associates `members` with a `role`. "role": "A String", # Role that is assigned to `members`. # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. # Required "members": [ # Specifies the identities requesting access for a Cloud Platform resource. # `members` can have the following values: # # * `allUsers`: A special identifier that represents anyone who is # on the internet; with or without a Google account. # # * `allAuthenticatedUsers`: A special identifier that represents anyone # who is authenticated with a Google account or a service account. # # * `user:{emailid}`: An email address that represents a specific Google # account. For example, `alice@gmail.com` or `joe@example.com`. # # # * `serviceAccount:{emailid}`: An email address that represents a service # account. For example, `my-other-app@appspot.gserviceaccount.com`. # # * `group:{emailid}`: An email address that represents a Google group. # For example, `admins@example.com`. # # # * `domain:{domain}`: A Google Apps domain name that represents all the # users of that domain. For example, `google.com` or `example.com`. # "A String", ], }, ], "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. # The configuration determines which permission types are logged, and what # identities, if any, are exempted from logging. # An AuditConfig must have one or more AuditLogConfigs. # # If there are AuditConfigs for both `allServices` and a specific service, # the union of the two AuditConfigs is used for that service: the log_types # specified in each AuditConfig are enabled, and the exempted_members in each # AuditConfig are exempted. # # Example Policy with multiple AuditConfigs: # # { # "audit_configs": [ # { # "service": "allServices" # "audit_log_configs": [ # { # "log_type": "DATA_READ", # "exempted_members": [ # "user:foo@gmail.com" # ] # }, # { # "log_type": "DATA_WRITE", # }, # { # "log_type": "ADMIN_READ", # } # ] # }, # { # "service": "fooservice.googleapis.com" # "audit_log_configs": [ # { # "log_type": "DATA_READ", # }, # { # "log_type": "DATA_WRITE", # "exempted_members": [ # "user:bar@gmail.com" # ] # } # ] # } # ] # } # # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ # logging. It also exempts foo@gmail.com from DATA_READ logging, and # bar@gmail.com from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. # Next ID: 4 { # Provides the configuration for logging a type of permissions. # Example: # # { # "audit_log_configs": [ # { # "log_type": "DATA_READ", # "exempted_members": [ # "user:foo@gmail.com" # ] # }, # { # "log_type": "DATA_WRITE", # } # ] # } # # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting # foo@gmail.com from DATA_READ logging. "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of # permission. # Follows the same format of Binding.members. "A String", ], "logType": "A String", # The log type that this config enables. }, ], "service": "A String", # Specifies a service that will be enabled for audit logging. # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. # `allServices` is a special value that covers all services. }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help # prevent simultaneous updates of a policy from overwriting each other. # It is strongly suggested that systems make use of the `etag` in the # read-modify-write cycle to perform policy updates in order to avoid race # conditions: An `etag` is returned in the response to `getIamPolicy`, and # systems are expected to put that etag in the request to `setIamPolicy` to # ensure that their change will be applied to the same version of the policy. # # If no `etag` is provided in the call to `setIamPolicy`, then the existing # policy is overwritten blindly. "version": 42, # Version of the `Policy`. The default version is 0. }
testIamPermissions(resource, body, x__xgafv=None)
Returns permissions that a caller has on the specified Organization. The `resource` field should be the organization's resource name, e.g. "organizations/123". Args: resource: string, REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. (required) body: object, The request body. (required) The object takes the form of: { # Request message for `TestIamPermissions` method. "permissions": [ # The set of permissions to check for the `resource`. Permissions with # wildcards (such as '*' or 'storage.*') are not allowed. For more # information see # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). "A String", ], } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Response message for `TestIamPermissions` method. "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is # allowed. "A String", ], }
update(name, body, x__xgafv=None)
Updates an Organization resource identified by the specified resource name. Args: name: string, Output Only. The resource name of the organization. This is the organization's relative path in the API. Its format is "organizations/[organization_id]". For example, "organizations/1234". (required) body: object, The request body. (required) The object takes the form of: { # The root node in the resource hierarchy to which a particular entity's # (e.g., company) resources belong. "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. # Assigned by the server, set to the primary domain of the G Suite # customer that owns the organization. # @OutputOnly "name": "A String", # Output Only. The resource name of the organization. This is the # organization's relative path in the API. Its format is # "organizations/[organization_id]". For example, "organizations/1234". "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This # should be omitted when creating a new Organization. # This field is read-only. # This field is deprecated and will be removed in v1. Use name instead. "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. # @OutputOnly "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. # @OutputOnly "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on # creation. Once set, it cannot be changed. # This field is required. # all of its descendants are bound to the `OrganizationOwner`. If the # `OrganizationOwner` is deleted, the Organization and all its descendants will # be deleted. "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. }, } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # The root node in the resource hierarchy to which a particular entity's # (e.g., company) resources belong. "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. # Assigned by the server, set to the primary domain of the G Suite # customer that owns the organization. # @OutputOnly "name": "A String", # Output Only. The resource name of the organization. This is the # organization's relative path in the API. Its format is # "organizations/[organization_id]". For example, "organizations/1234". "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This # should be omitted when creating a new Organization. # This field is read-only. # This field is deprecated and will be removed in v1. Use name instead. "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. # @OutputOnly "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. # @OutputOnly "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on # creation. Once set, it cannot be changed. # This field is required. # all of its descendants are bound to the `OrganizationOwner`. If the # `OrganizationOwner` is deleted, the Organization and all its descendants will # be deleted. "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. }, }