1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="sourcerepo_v1.html">Cloud Source Repositories API</a> . <a href="sourcerepo_v1.projects.html">projects</a> . <a href="sourcerepo_v1.projects.repos.html">repos</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p> 79<p class="firstline">Creates a repo in the given project with the given name.</p> 80<p class="toc_element"> 81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 82<p class="firstline">Deletes a repo.</p> 83<p class="toc_element"> 84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 85<p class="firstline">Returns information about a repo.</p> 86<p class="toc_element"> 87 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p> 88<p class="firstline">Gets the access control policy for a resource.</p> 89<p class="toc_element"> 90 <code><a href="#list">list(name, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p> 91<p class="firstline">Returns all repos belonging to a project. The sizes of the repos are</p> 92<p class="toc_element"> 93 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 94<p class="firstline">Retrieves the next page of results.</p> 95<p class="toc_element"> 96 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 97<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p> 98<p class="toc_element"> 99 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 100<p class="firstline">Returns permissions that a caller has on the specified resource.</p> 101<h3>Method Details</h3> 102<div class="method"> 103 <code class="details" id="create">create(parent, body, x__xgafv=None)</code> 104 <pre>Creates a repo in the given project with the given name. 105 106If the named repository already exists, `CreateRepo` returns 107`ALREADY_EXISTS`. 108 109Args: 110 parent: string, The project in which to create the repo. Values are of the form 111`projects/<project>`. (required) 112 body: object, The request body. (required) 113 The object takes the form of: 114 115{ # A repository (or repo) is a Git repository storing versioned source content. 116 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories. 117 "size": "A String", # The disk usage of the repo, in bytes. 118 # Only returned by GetRepo. 119 "name": "A String", # Resource name of the repository, of the form 120 # `projects/<project>/repos/<repo>`. The repo name may contain slashes. 121 # eg, `projects/myproject/repos/name/with/slash` 122 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service. 123 # hosting service, for example GitHub or BitBucket. 124 "url": "A String", # URL of the main repository at the other hosting service. 125 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring. 126 # Removing this webook from the other hosting service will stop 127 # Google Cloud Source Repositories from receiving notifications, 128 # and thereby disabling mirroring. 129 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service. 130 # Removing this key from the other service would deauthorize 131 # Google Cloud Source Repositories from mirroring. 132 }, 133} 134 135 x__xgafv: string, V1 error format. 136 Allowed values 137 1 - v1 error format 138 2 - v2 error format 139 140Returns: 141 An object of the form: 142 143 { # A repository (or repo) is a Git repository storing versioned source content. 144 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories. 145 "size": "A String", # The disk usage of the repo, in bytes. 146 # Only returned by GetRepo. 147 "name": "A String", # Resource name of the repository, of the form 148 # `projects/<project>/repos/<repo>`. The repo name may contain slashes. 149 # eg, `projects/myproject/repos/name/with/slash` 150 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service. 151 # hosting service, for example GitHub or BitBucket. 152 "url": "A String", # URL of the main repository at the other hosting service. 153 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring. 154 # Removing this webook from the other hosting service will stop 155 # Google Cloud Source Repositories from receiving notifications, 156 # and thereby disabling mirroring. 157 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service. 158 # Removing this key from the other service would deauthorize 159 # Google Cloud Source Repositories from mirroring. 160 }, 161 }</pre> 162</div> 163 164<div class="method"> 165 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 166 <pre>Deletes a repo. 167 168Args: 169 name: string, The name of the repo to delete. Values are of the form 170`projects/<project>/repos/<repo>`. (required) 171 x__xgafv: string, V1 error format. 172 Allowed values 173 1 - v1 error format 174 2 - v2 error format 175 176Returns: 177 An object of the form: 178 179 { # A generic empty message that you can re-use to avoid defining duplicated 180 # empty messages in your APIs. A typical example is to use it as the request 181 # or the response type of an API method. For instance: 182 # 183 # service Foo { 184 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 185 # } 186 # 187 # The JSON representation for `Empty` is empty JSON object `{}`. 188 }</pre> 189</div> 190 191<div class="method"> 192 <code class="details" id="get">get(name, x__xgafv=None)</code> 193 <pre>Returns information about a repo. 194 195Args: 196 name: string, The name of the requested repository. Values are of the form 197`projects/<project>/repos/<repo>`. (required) 198 x__xgafv: string, V1 error format. 199 Allowed values 200 1 - v1 error format 201 2 - v2 error format 202 203Returns: 204 An object of the form: 205 206 { # A repository (or repo) is a Git repository storing versioned source content. 207 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories. 208 "size": "A String", # The disk usage of the repo, in bytes. 209 # Only returned by GetRepo. 210 "name": "A String", # Resource name of the repository, of the form 211 # `projects/<project>/repos/<repo>`. The repo name may contain slashes. 212 # eg, `projects/myproject/repos/name/with/slash` 213 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service. 214 # hosting service, for example GitHub or BitBucket. 215 "url": "A String", # URL of the main repository at the other hosting service. 216 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring. 217 # Removing this webook from the other hosting service will stop 218 # Google Cloud Source Repositories from receiving notifications, 219 # and thereby disabling mirroring. 220 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service. 221 # Removing this key from the other service would deauthorize 222 # Google Cloud Source Repositories from mirroring. 223 }, 224 }</pre> 225</div> 226 227<div class="method"> 228 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code> 229 <pre>Gets the access control policy for a resource. 230Returns an empty policy if the resource exists and does not have a policy 231set. 232 233Args: 234 resource: string, REQUIRED: The resource for which the policy is being requested. 235See the operation documentation for the appropriate value for this field. (required) 236 x__xgafv: string, V1 error format. 237 Allowed values 238 1 - v1 error format 239 2 - v2 error format 240 241Returns: 242 An object of the form: 243 244 { # Defines an Identity and Access Management (IAM) policy. It is used to 245 # specify access control policies for Cloud Platform resources. 246 # 247 # 248 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 249 # `members` to a `role`, where the members can be user accounts, Google groups, 250 # Google domains, and service accounts. A `role` is a named list of permissions 251 # defined by IAM. 252 # 253 # **Example** 254 # 255 # { 256 # "bindings": [ 257 # { 258 # "role": "roles/owner", 259 # "members": [ 260 # "user:mike@example.com", 261 # "group:admins@example.com", 262 # "domain:google.com", 263 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 264 # ] 265 # }, 266 # { 267 # "role": "roles/viewer", 268 # "members": ["user:sean@example.com"] 269 # } 270 # ] 271 # } 272 # 273 # For a description of IAM and its features, see the 274 # [IAM developer's guide](https://cloud.google.com/iam). 275 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 276 { # Specifies the audit configuration for a service. 277 # The configuration determines which permission types are logged, and what 278 # identities, if any, are exempted from logging. 279 # An AuditConfig must have one or more AuditLogConfigs. 280 # 281 # If there are AuditConfigs for both `allServices` and a specific service, 282 # the union of the two AuditConfigs is used for that service: the log_types 283 # specified in each AuditConfig are enabled, and the exempted_members in each 284 # AuditConfig are exempted. 285 # 286 # Example Policy with multiple AuditConfigs: 287 # 288 # { 289 # "audit_configs": [ 290 # { 291 # "service": "allServices" 292 # "audit_log_configs": [ 293 # { 294 # "log_type": "DATA_READ", 295 # "exempted_members": [ 296 # "user:foo@gmail.com" 297 # ] 298 # }, 299 # { 300 # "log_type": "DATA_WRITE", 301 # }, 302 # { 303 # "log_type": "ADMIN_READ", 304 # } 305 # ] 306 # }, 307 # { 308 # "service": "fooservice.googleapis.com" 309 # "audit_log_configs": [ 310 # { 311 # "log_type": "DATA_READ", 312 # }, 313 # { 314 # "log_type": "DATA_WRITE", 315 # "exempted_members": [ 316 # "user:bar@gmail.com" 317 # ] 318 # } 319 # ] 320 # } 321 # ] 322 # } 323 # 324 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 325 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 326 # bar@gmail.com from DATA_WRITE logging. 327 "exemptedMembers": [ 328 "A String", 329 ], 330 "auditLogConfigs": [ # The configuration for logging of each type of permission. 331 # Next ID: 4 332 { # Provides the configuration for logging a type of permissions. 333 # Example: 334 # 335 # { 336 # "audit_log_configs": [ 337 # { 338 # "log_type": "DATA_READ", 339 # "exempted_members": [ 340 # "user:foo@gmail.com" 341 # ] 342 # }, 343 # { 344 # "log_type": "DATA_WRITE", 345 # } 346 # ] 347 # } 348 # 349 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 350 # foo@gmail.com from DATA_READ logging. 351 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 352 # permission. 353 # Follows the same format of Binding.members. 354 "A String", 355 ], 356 "logType": "A String", # The log type that this config enables. 357 }, 358 ], 359 "service": "A String", # Specifies a service that will be enabled for audit logging. 360 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 361 # `allServices` is a special value that covers all services. 362 }, 363 ], 364 "version": 42, # Version of the `Policy`. The default version is 0. 365 "rules": [ # If more than one rule is specified, the rules are applied in the following 366 # manner: 367 # - All matching LOG rules are always applied. 368 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 369 # Logging will be applied if one or more matching rule requires logging. 370 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 371 # granted. 372 # Logging will be applied if one or more matching rule requires logging. 373 # - Otherwise, if no rule applies, permission is denied. 374 { # A rule to be applied in a Policy. 375 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 376 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 377 # The format for in and not_in entries is the same as for members in a 378 # Binding (see google/iam/v1/policy.proto). 379 "A String", 380 ], 381 "description": "A String", # Human-readable description of the rule. 382 "in": [ # If one or more 'in' clauses are specified, the rule matches if 383 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 384 "A String", 385 ], 386 "action": "A String", # Required 387 "conditions": [ # Additional restrictions that must be met 388 { # A condition to be met. 389 "iam": "A String", # Trusted attributes supplied by the IAM system. 390 "svc": "A String", # Trusted attributes discharged by the service. 391 "value": "A String", # DEPRECATED. Use 'values' instead. 392 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 393 # the IAM system for access control. 394 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 395 "A String", 396 ], 397 "op": "A String", # An operator to apply the subject with. 398 }, 399 ], 400 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 401 # that match the LOG action. 402 { # Specifies what kind of log the caller must write 403 "counter": { # Options for counters # Counter options. 404 "field": "A String", # The field value to attribute. 405 "metric": "A String", # The metric to update. 406 }, 407 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 408 }, 409 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 410 "logName": "A String", # The log_name to populate in the Cloud Audit Record. 411 }, 412 }, 413 ], 414 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 415 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 416 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 417 "A String", 418 ], 419 }, 420 ], 421 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 422 # prevent simultaneous updates of a policy from overwriting each other. 423 # It is strongly suggested that systems make use of the `etag` in the 424 # read-modify-write cycle to perform policy updates in order to avoid race 425 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 426 # systems are expected to put that etag in the request to `setIamPolicy` to 427 # ensure that their change will be applied to the same version of the policy. 428 # 429 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 430 # policy is overwritten blindly. 431 "bindings": [ # Associates a list of `members` to a `role`. 432 # Multiple `bindings` must not be specified for the same `role`. 433 # `bindings` with no members will result in an error. 434 { # Associates `members` with a `role`. 435 "role": "A String", # Role that is assigned to `members`. 436 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 437 # Required 438 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 439 # `members` can have the following values: 440 # 441 # * `allUsers`: A special identifier that represents anyone who is 442 # on the internet; with or without a Google account. 443 # 444 # * `allAuthenticatedUsers`: A special identifier that represents anyone 445 # who is authenticated with a Google account or a service account. 446 # 447 # * `user:{emailid}`: An email address that represents a specific Google 448 # account. For example, `alice@gmail.com` or `joe@example.com`. 449 # 450 # 451 # * `serviceAccount:{emailid}`: An email address that represents a service 452 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 453 # 454 # * `group:{emailid}`: An email address that represents a Google group. 455 # For example, `admins@example.com`. 456 # 457 # 458 # * `domain:{domain}`: A Google Apps domain name that represents all the 459 # users of that domain. For example, `google.com` or `example.com`. 460 # 461 "A String", 462 ], 463 }, 464 ], 465 "iamOwned": True or False, 466 }</pre> 467</div> 468 469<div class="method"> 470 <code class="details" id="list">list(name, pageToken=None, x__xgafv=None, pageSize=None)</code> 471 <pre>Returns all repos belonging to a project. The sizes of the repos are 472not set by ListRepos. To get the size of a repo, use GetRepo. 473 474Args: 475 name: string, The project ID whose repos should be listed. Values are of the form 476`projects/<project>`. (required) 477 pageToken: string, Resume listing repositories where a prior ListReposResponse 478left off. This is an opaque token that must be obtained from 479a recent, prior ListReposResponse's next_page_token field. 480 x__xgafv: string, V1 error format. 481 Allowed values 482 1 - v1 error format 483 2 - v2 error format 484 pageSize: integer, Maximum number of repositories to return; between 1 and 500. 485If not set or zero, defaults to 100 at the server. 486 487Returns: 488 An object of the form: 489 490 { # Response for ListRepos. The size is not set in the returned repositories. 491 "nextPageToken": "A String", # If non-empty, additional repositories exist within the project. These 492 # can be retrieved by including this value in the next ListReposRequest's 493 # page_token field. 494 "repos": [ # The listed repos. 495 { # A repository (or repo) is a Git repository storing versioned source content. 496 "url": "A String", # URL to clone the repository from Google Cloud Source Repositories. 497 "size": "A String", # The disk usage of the repo, in bytes. 498 # Only returned by GetRepo. 499 "name": "A String", # Resource name of the repository, of the form 500 # `projects/<project>/repos/<repo>`. The repo name may contain slashes. 501 # eg, `projects/myproject/repos/name/with/slash` 502 "mirrorConfig": { # Configuration to automatically mirror a repository from another # How this repository mirrors a repository managed by another service. 503 # hosting service, for example GitHub or BitBucket. 504 "url": "A String", # URL of the main repository at the other hosting service. 505 "webhookId": "A String", # ID of the webhook listening to updates to trigger mirroring. 506 # Removing this webook from the other hosting service will stop 507 # Google Cloud Source Repositories from receiving notifications, 508 # and thereby disabling mirroring. 509 "deployKeyId": "A String", # ID of the SSH deploy key at the other hosting service. 510 # Removing this key from the other service would deauthorize 511 # Google Cloud Source Repositories from mirroring. 512 }, 513 }, 514 ], 515 }</pre> 516</div> 517 518<div class="method"> 519 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 520 <pre>Retrieves the next page of results. 521 522Args: 523 previous_request: The request for the previous page. (required) 524 previous_response: The response from the request for the previous page. (required) 525 526Returns: 527 A request object that you can call 'execute()' on to request the next 528 page. Returns None if there are no more items in the collection. 529 </pre> 530</div> 531 532<div class="method"> 533 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 534 <pre>Sets the access control policy on the specified resource. Replaces any 535existing policy. 536 537Args: 538 resource: string, REQUIRED: The resource for which the policy is being specified. 539See the operation documentation for the appropriate value for this field. (required) 540 body: object, The request body. (required) 541 The object takes the form of: 542 543{ # Request message for `SetIamPolicy` method. 544 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 545 # the policy is limited to a few 10s of KB. An empty policy is a 546 # valid policy but certain Cloud Platform services (such as Projects) 547 # might reject them. 548 # specify access control policies for Cloud Platform resources. 549 # 550 # 551 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 552 # `members` to a `role`, where the members can be user accounts, Google groups, 553 # Google domains, and service accounts. A `role` is a named list of permissions 554 # defined by IAM. 555 # 556 # **Example** 557 # 558 # { 559 # "bindings": [ 560 # { 561 # "role": "roles/owner", 562 # "members": [ 563 # "user:mike@example.com", 564 # "group:admins@example.com", 565 # "domain:google.com", 566 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 567 # ] 568 # }, 569 # { 570 # "role": "roles/viewer", 571 # "members": ["user:sean@example.com"] 572 # } 573 # ] 574 # } 575 # 576 # For a description of IAM and its features, see the 577 # [IAM developer's guide](https://cloud.google.com/iam). 578 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 579 { # Specifies the audit configuration for a service. 580 # The configuration determines which permission types are logged, and what 581 # identities, if any, are exempted from logging. 582 # An AuditConfig must have one or more AuditLogConfigs. 583 # 584 # If there are AuditConfigs for both `allServices` and a specific service, 585 # the union of the two AuditConfigs is used for that service: the log_types 586 # specified in each AuditConfig are enabled, and the exempted_members in each 587 # AuditConfig are exempted. 588 # 589 # Example Policy with multiple AuditConfigs: 590 # 591 # { 592 # "audit_configs": [ 593 # { 594 # "service": "allServices" 595 # "audit_log_configs": [ 596 # { 597 # "log_type": "DATA_READ", 598 # "exempted_members": [ 599 # "user:foo@gmail.com" 600 # ] 601 # }, 602 # { 603 # "log_type": "DATA_WRITE", 604 # }, 605 # { 606 # "log_type": "ADMIN_READ", 607 # } 608 # ] 609 # }, 610 # { 611 # "service": "fooservice.googleapis.com" 612 # "audit_log_configs": [ 613 # { 614 # "log_type": "DATA_READ", 615 # }, 616 # { 617 # "log_type": "DATA_WRITE", 618 # "exempted_members": [ 619 # "user:bar@gmail.com" 620 # ] 621 # } 622 # ] 623 # } 624 # ] 625 # } 626 # 627 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 628 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 629 # bar@gmail.com from DATA_WRITE logging. 630 "exemptedMembers": [ 631 "A String", 632 ], 633 "auditLogConfigs": [ # The configuration for logging of each type of permission. 634 # Next ID: 4 635 { # Provides the configuration for logging a type of permissions. 636 # Example: 637 # 638 # { 639 # "audit_log_configs": [ 640 # { 641 # "log_type": "DATA_READ", 642 # "exempted_members": [ 643 # "user:foo@gmail.com" 644 # ] 645 # }, 646 # { 647 # "log_type": "DATA_WRITE", 648 # } 649 # ] 650 # } 651 # 652 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 653 # foo@gmail.com from DATA_READ logging. 654 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 655 # permission. 656 # Follows the same format of Binding.members. 657 "A String", 658 ], 659 "logType": "A String", # The log type that this config enables. 660 }, 661 ], 662 "service": "A String", # Specifies a service that will be enabled for audit logging. 663 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 664 # `allServices` is a special value that covers all services. 665 }, 666 ], 667 "version": 42, # Version of the `Policy`. The default version is 0. 668 "rules": [ # If more than one rule is specified, the rules are applied in the following 669 # manner: 670 # - All matching LOG rules are always applied. 671 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 672 # Logging will be applied if one or more matching rule requires logging. 673 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 674 # granted. 675 # Logging will be applied if one or more matching rule requires logging. 676 # - Otherwise, if no rule applies, permission is denied. 677 { # A rule to be applied in a Policy. 678 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 679 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 680 # The format for in and not_in entries is the same as for members in a 681 # Binding (see google/iam/v1/policy.proto). 682 "A String", 683 ], 684 "description": "A String", # Human-readable description of the rule. 685 "in": [ # If one or more 'in' clauses are specified, the rule matches if 686 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 687 "A String", 688 ], 689 "action": "A String", # Required 690 "conditions": [ # Additional restrictions that must be met 691 { # A condition to be met. 692 "iam": "A String", # Trusted attributes supplied by the IAM system. 693 "svc": "A String", # Trusted attributes discharged by the service. 694 "value": "A String", # DEPRECATED. Use 'values' instead. 695 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 696 # the IAM system for access control. 697 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 698 "A String", 699 ], 700 "op": "A String", # An operator to apply the subject with. 701 }, 702 ], 703 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 704 # that match the LOG action. 705 { # Specifies what kind of log the caller must write 706 "counter": { # Options for counters # Counter options. 707 "field": "A String", # The field value to attribute. 708 "metric": "A String", # The metric to update. 709 }, 710 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 711 }, 712 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 713 "logName": "A String", # The log_name to populate in the Cloud Audit Record. 714 }, 715 }, 716 ], 717 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 718 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 719 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 720 "A String", 721 ], 722 }, 723 ], 724 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 725 # prevent simultaneous updates of a policy from overwriting each other. 726 # It is strongly suggested that systems make use of the `etag` in the 727 # read-modify-write cycle to perform policy updates in order to avoid race 728 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 729 # systems are expected to put that etag in the request to `setIamPolicy` to 730 # ensure that their change will be applied to the same version of the policy. 731 # 732 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 733 # policy is overwritten blindly. 734 "bindings": [ # Associates a list of `members` to a `role`. 735 # Multiple `bindings` must not be specified for the same `role`. 736 # `bindings` with no members will result in an error. 737 { # Associates `members` with a `role`. 738 "role": "A String", # Role that is assigned to `members`. 739 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 740 # Required 741 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 742 # `members` can have the following values: 743 # 744 # * `allUsers`: A special identifier that represents anyone who is 745 # on the internet; with or without a Google account. 746 # 747 # * `allAuthenticatedUsers`: A special identifier that represents anyone 748 # who is authenticated with a Google account or a service account. 749 # 750 # * `user:{emailid}`: An email address that represents a specific Google 751 # account. For example, `alice@gmail.com` or `joe@example.com`. 752 # 753 # 754 # * `serviceAccount:{emailid}`: An email address that represents a service 755 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 756 # 757 # * `group:{emailid}`: An email address that represents a Google group. 758 # For example, `admins@example.com`. 759 # 760 # 761 # * `domain:{domain}`: A Google Apps domain name that represents all the 762 # users of that domain. For example, `google.com` or `example.com`. 763 # 764 "A String", 765 ], 766 }, 767 ], 768 "iamOwned": True or False, 769 }, 770 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 771 # the fields in the mask will be modified. If no mask is provided, the 772 # following default mask is used: 773 # paths: "bindings, etag" 774 # This field is only used by Cloud IAM. 775 } 776 777 x__xgafv: string, V1 error format. 778 Allowed values 779 1 - v1 error format 780 2 - v2 error format 781 782Returns: 783 An object of the form: 784 785 { # Defines an Identity and Access Management (IAM) policy. It is used to 786 # specify access control policies for Cloud Platform resources. 787 # 788 # 789 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 790 # `members` to a `role`, where the members can be user accounts, Google groups, 791 # Google domains, and service accounts. A `role` is a named list of permissions 792 # defined by IAM. 793 # 794 # **Example** 795 # 796 # { 797 # "bindings": [ 798 # { 799 # "role": "roles/owner", 800 # "members": [ 801 # "user:mike@example.com", 802 # "group:admins@example.com", 803 # "domain:google.com", 804 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 805 # ] 806 # }, 807 # { 808 # "role": "roles/viewer", 809 # "members": ["user:sean@example.com"] 810 # } 811 # ] 812 # } 813 # 814 # For a description of IAM and its features, see the 815 # [IAM developer's guide](https://cloud.google.com/iam). 816 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 817 { # Specifies the audit configuration for a service. 818 # The configuration determines which permission types are logged, and what 819 # identities, if any, are exempted from logging. 820 # An AuditConfig must have one or more AuditLogConfigs. 821 # 822 # If there are AuditConfigs for both `allServices` and a specific service, 823 # the union of the two AuditConfigs is used for that service: the log_types 824 # specified in each AuditConfig are enabled, and the exempted_members in each 825 # AuditConfig are exempted. 826 # 827 # Example Policy with multiple AuditConfigs: 828 # 829 # { 830 # "audit_configs": [ 831 # { 832 # "service": "allServices" 833 # "audit_log_configs": [ 834 # { 835 # "log_type": "DATA_READ", 836 # "exempted_members": [ 837 # "user:foo@gmail.com" 838 # ] 839 # }, 840 # { 841 # "log_type": "DATA_WRITE", 842 # }, 843 # { 844 # "log_type": "ADMIN_READ", 845 # } 846 # ] 847 # }, 848 # { 849 # "service": "fooservice.googleapis.com" 850 # "audit_log_configs": [ 851 # { 852 # "log_type": "DATA_READ", 853 # }, 854 # { 855 # "log_type": "DATA_WRITE", 856 # "exempted_members": [ 857 # "user:bar@gmail.com" 858 # ] 859 # } 860 # ] 861 # } 862 # ] 863 # } 864 # 865 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 866 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 867 # bar@gmail.com from DATA_WRITE logging. 868 "exemptedMembers": [ 869 "A String", 870 ], 871 "auditLogConfigs": [ # The configuration for logging of each type of permission. 872 # Next ID: 4 873 { # Provides the configuration for logging a type of permissions. 874 # Example: 875 # 876 # { 877 # "audit_log_configs": [ 878 # { 879 # "log_type": "DATA_READ", 880 # "exempted_members": [ 881 # "user:foo@gmail.com" 882 # ] 883 # }, 884 # { 885 # "log_type": "DATA_WRITE", 886 # } 887 # ] 888 # } 889 # 890 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 891 # foo@gmail.com from DATA_READ logging. 892 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 893 # permission. 894 # Follows the same format of Binding.members. 895 "A String", 896 ], 897 "logType": "A String", # The log type that this config enables. 898 }, 899 ], 900 "service": "A String", # Specifies a service that will be enabled for audit logging. 901 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 902 # `allServices` is a special value that covers all services. 903 }, 904 ], 905 "version": 42, # Version of the `Policy`. The default version is 0. 906 "rules": [ # If more than one rule is specified, the rules are applied in the following 907 # manner: 908 # - All matching LOG rules are always applied. 909 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 910 # Logging will be applied if one or more matching rule requires logging. 911 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 912 # granted. 913 # Logging will be applied if one or more matching rule requires logging. 914 # - Otherwise, if no rule applies, permission is denied. 915 { # A rule to be applied in a Policy. 916 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 917 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 918 # The format for in and not_in entries is the same as for members in a 919 # Binding (see google/iam/v1/policy.proto). 920 "A String", 921 ], 922 "description": "A String", # Human-readable description of the rule. 923 "in": [ # If one or more 'in' clauses are specified, the rule matches if 924 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 925 "A String", 926 ], 927 "action": "A String", # Required 928 "conditions": [ # Additional restrictions that must be met 929 { # A condition to be met. 930 "iam": "A String", # Trusted attributes supplied by the IAM system. 931 "svc": "A String", # Trusted attributes discharged by the service. 932 "value": "A String", # DEPRECATED. Use 'values' instead. 933 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 934 # the IAM system for access control. 935 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 936 "A String", 937 ], 938 "op": "A String", # An operator to apply the subject with. 939 }, 940 ], 941 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 942 # that match the LOG action. 943 { # Specifies what kind of log the caller must write 944 "counter": { # Options for counters # Counter options. 945 "field": "A String", # The field value to attribute. 946 "metric": "A String", # The metric to update. 947 }, 948 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 949 }, 950 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 951 "logName": "A String", # The log_name to populate in the Cloud Audit Record. 952 }, 953 }, 954 ], 955 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 956 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 957 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 958 "A String", 959 ], 960 }, 961 ], 962 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 963 # prevent simultaneous updates of a policy from overwriting each other. 964 # It is strongly suggested that systems make use of the `etag` in the 965 # read-modify-write cycle to perform policy updates in order to avoid race 966 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 967 # systems are expected to put that etag in the request to `setIamPolicy` to 968 # ensure that their change will be applied to the same version of the policy. 969 # 970 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 971 # policy is overwritten blindly. 972 "bindings": [ # Associates a list of `members` to a `role`. 973 # Multiple `bindings` must not be specified for the same `role`. 974 # `bindings` with no members will result in an error. 975 { # Associates `members` with a `role`. 976 "role": "A String", # Role that is assigned to `members`. 977 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 978 # Required 979 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 980 # `members` can have the following values: 981 # 982 # * `allUsers`: A special identifier that represents anyone who is 983 # on the internet; with or without a Google account. 984 # 985 # * `allAuthenticatedUsers`: A special identifier that represents anyone 986 # who is authenticated with a Google account or a service account. 987 # 988 # * `user:{emailid}`: An email address that represents a specific Google 989 # account. For example, `alice@gmail.com` or `joe@example.com`. 990 # 991 # 992 # * `serviceAccount:{emailid}`: An email address that represents a service 993 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 994 # 995 # * `group:{emailid}`: An email address that represents a Google group. 996 # For example, `admins@example.com`. 997 # 998 # 999 # * `domain:{domain}`: A Google Apps domain name that represents all the 1000 # users of that domain. For example, `google.com` or `example.com`. 1001 # 1002 "A String", 1003 ], 1004 }, 1005 ], 1006 "iamOwned": True or False, 1007 }</pre> 1008</div> 1009 1010<div class="method"> 1011 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 1012 <pre>Returns permissions that a caller has on the specified resource. 1013If the resource does not exist, this will return an empty set of 1014permissions, not a NOT_FOUND error. 1015 1016Args: 1017 resource: string, REQUIRED: The resource for which the policy detail is being requested. 1018See the operation documentation for the appropriate value for this field. (required) 1019 body: object, The request body. (required) 1020 The object takes the form of: 1021 1022{ # Request message for `TestIamPermissions` method. 1023 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 1024 # wildcards (such as '*' or 'storage.*') are not allowed. For more 1025 # information see 1026 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 1027 "A String", 1028 ], 1029 } 1030 1031 x__xgafv: string, V1 error format. 1032 Allowed values 1033 1 - v1 error format 1034 2 - v2 error format 1035 1036Returns: 1037 An object of the form: 1038 1039 { # Response message for `TestIamPermissions` method. 1040 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1041 # allowed. 1042 "A String", 1043 ], 1044 }</pre> 1045</div> 1046 1047</body></html>