1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="spanner_v1.html">Cloud Spanner API</a> . <a href="spanner_v1.projects.html">projects</a> . <a href="spanner_v1.projects.instances.html">instances</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="spanner_v1.projects.instances.databases.html">databases()</a></code> 79</p> 80<p class="firstline">Returns the databases Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="spanner_v1.projects.instances.operations.html">operations()</a></code> 84</p> 85<p class="firstline">Returns the operations Resource.</p> 86 87<p class="toc_element"> 88 <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p> 89<p class="firstline">Creates an instance and begins preparing it to begin serving. The</p> 90<p class="toc_element"> 91 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 92<p class="firstline">Deletes an instance.</p> 93<p class="toc_element"> 94 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 95<p class="firstline">Gets information about a particular instance.</p> 96<p class="toc_element"> 97 <code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p> 98<p class="firstline">Gets the access control policy for an instance resource. Returns an empty</p> 99<p class="toc_element"> 100 <code><a href="#list">list(parent, pageSize=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p> 101<p class="firstline">Lists all instances in the given project.</p> 102<p class="toc_element"> 103 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 104<p class="firstline">Retrieves the next page of results.</p> 105<p class="toc_element"> 106 <code><a href="#patch">patch(name, body, x__xgafv=None)</a></code></p> 107<p class="firstline">Updates an instance, and begins allocating or releasing resources</p> 108<p class="toc_element"> 109 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 110<p class="firstline">Sets the access control policy on an instance resource. Replaces any</p> 111<p class="toc_element"> 112 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 113<p class="firstline">Returns permissions that the caller has on the specified instance resource.</p> 114<h3>Method Details</h3> 115<div class="method"> 116 <code class="details" id="create">create(parent, body, x__xgafv=None)</code> 117 <pre>Creates an instance and begins preparing it to begin serving. The 118returned long-running operation 119can be used to track the progress of preparing the new 120instance. The instance name is assigned by the caller. If the 121named instance already exists, `CreateInstance` returns 122`ALREADY_EXISTS`. 123 124Immediately upon completion of this request: 125 126 * The instance is readable via the API, with all requested attributes 127 but no allocated resources. Its state is `CREATING`. 128 129Until completion of the returned operation: 130 131 * Cancelling the operation renders the instance immediately unreadable 132 via the API. 133 * The instance can be deleted. 134 * All other attempts to modify the instance are rejected. 135 136Upon completion of the returned operation: 137 138 * Billing for all successfully-allocated resources begins (some types 139 may have lower than the requested levels). 140 * Databases can be created in the instance. 141 * The instance's allocated resource levels are readable via the API. 142 * The instance's state becomes `READY`. 143 144The returned long-running operation will 145have a name of the format `<instance_name>/operations/<operation_id>` and 146can be used to track creation of the instance. The 147metadata field type is 148CreateInstanceMetadata. 149The response field type is 150Instance, if successful. 151 152Args: 153 parent: string, Required. The name of the project in which to create the instance. Values 154are of the form `projects/<project>`. (required) 155 body: object, The request body. (required) 156 The object takes the form of: 157 158{ # The request for CreateInstance. 159 "instanceId": "A String", # Required. The ID of the instance to create. Valid identifiers are of the 160 # form `a-z*[a-z0-9]` and must be between 6 and 30 characters in 161 # length. 162 "instance": { # An isolated set of Cloud Spanner resources on which databases can be hosted. # Required. The instance to create. The name may be omitted, but if 163 # specified must be `<parent>/instances/<instance_id>`. 164 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 165 # Must be unique per project and between 4 and 30 characters in length. 166 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 167 # after the instance is created. Values are of the form 168 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 169 # segment of the name must be between 6 and 30 characters in length. 170 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 171 # resources into groups that reflect a customer's organizational needs and 172 # deployment strategies. Cloud Labels can be used to filter collections of 173 # resources. They can be used to control how resource metrics are aggregated. 174 # And they can be used as arguments to policy management rules (e.g. route, 175 # firewall, load balancing, etc.). 176 # 177 # * Label keys must be between 1 and 63 characters long and must conform to 178 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 179 # * Label values must be between 0 and 63 characters long and must conform 180 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 181 # * No more than 64 labels can be associated with a given resource. 182 # 183 # See https://goo.gl/xmQnxf for more information on and examples of labels. 184 # 185 # If you plan to use labels in your own code, please note that additional 186 # characters may be allowed in the future. And so you are advised to use an 187 # internal label representation, such as JSON, which doesn't rely upon 188 # specific characters being disallowed. For example, representing labels 189 # as the string: name + "_" + value would prove problematic if we were to 190 # allow "_" in a future release. 191 "a_key": "A String", 192 }, 193 "state": "A String", # Output only. The current instance state. For 194 # CreateInstance, the state must be 195 # either omitted or set to `CREATING`. For 196 # UpdateInstance, the state must be 197 # either omitted or set to `READY`. 198 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 199 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 200 # `projects/<project>/instanceConfigs/<configuration>`. See 201 # also InstanceConfig and 202 # ListInstanceConfigs. 203 }, 204 } 205 206 x__xgafv: string, V1 error format. 207 Allowed values 208 1 - v1 error format 209 2 - v2 error format 210 211Returns: 212 An object of the form: 213 214 { # This resource represents a long-running operation that is the result of a 215 # network API call. 216 "metadata": { # Service-specific metadata associated with the operation. It typically 217 # contains progress information and common metadata such as create time. 218 # Some services might not provide such metadata. Any method that returns a 219 # long-running operation should document the metadata type, if any. 220 "a_key": "", # Properties of the object. Contains field @type with type URL. 221 }, 222 "done": True or False, # If the value is `false`, it means the operation is still in progress. 223 # If true, the operation is completed, and either `error` or `response` is 224 # available. 225 "response": { # The normal response of the operation in case of success. If the original 226 # method returns no data on success, such as `Delete`, the response is 227 # `google.protobuf.Empty`. If the original method is standard 228 # `Get`/`Create`/`Update`, the response should be the resource. For other 229 # methods, the response should have the type `XxxResponse`, where `Xxx` 230 # is the original method name. For example, if the original method name 231 # is `TakeSnapshot()`, the inferred response type is 232 # `TakeSnapshotResponse`. 233 "a_key": "", # Properties of the object. Contains field @type with type URL. 234 }, 235 "name": "A String", # The server-assigned name, which is only unique within the same service that 236 # originally returns it. If you use the default HTTP mapping, the 237 # `name` should have the format of `operations/some/unique/name`. 238 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 239 # programming environments, including REST APIs and RPC APIs. It is used by 240 # [gRPC](https://github.com/grpc). The error model is designed to be: 241 # 242 # - Simple to use and understand for most users 243 # - Flexible enough to meet unexpected needs 244 # 245 # # Overview 246 # 247 # The `Status` message contains three pieces of data: error code, error message, 248 # and error details. The error code should be an enum value of 249 # google.rpc.Code, but it may accept additional error codes if needed. The 250 # error message should be a developer-facing English message that helps 251 # developers *understand* and *resolve* the error. If a localized user-facing 252 # error message is needed, put the localized message in the error details or 253 # localize it in the client. The optional error details may contain arbitrary 254 # information about the error. There is a predefined set of error detail types 255 # in the package `google.rpc` which can be used for common error conditions. 256 # 257 # # Language mapping 258 # 259 # The `Status` message is the logical representation of the error model, but it 260 # is not necessarily the actual wire format. When the `Status` message is 261 # exposed in different client libraries and different wire protocols, it can be 262 # mapped differently. For example, it will likely be mapped to some exceptions 263 # in Java, but more likely mapped to some error codes in C. 264 # 265 # # Other uses 266 # 267 # The error model and the `Status` message can be used in a variety of 268 # environments, either with or without APIs, to provide a 269 # consistent developer experience across different environments. 270 # 271 # Example uses of this error model include: 272 # 273 # - Partial errors. If a service needs to return partial errors to the client, 274 # it may embed the `Status` in the normal response to indicate the partial 275 # errors. 276 # 277 # - Workflow errors. A typical workflow has multiple steps. Each step may 278 # have a `Status` message for error reporting purpose. 279 # 280 # - Batch operations. If a client uses batch request and batch response, the 281 # `Status` message should be used directly inside batch response, one for 282 # each error sub-response. 283 # 284 # - Asynchronous operations. If an API call embeds asynchronous operation 285 # results in its response, the status of those operations should be 286 # represented directly using the `Status` message. 287 # 288 # - Logging. If some API errors are stored in logs, the message `Status` could 289 # be used directly after any stripping needed for security/privacy reasons. 290 "message": "A String", # A developer-facing error message, which should be in English. Any 291 # user-facing error message should be localized and sent in the 292 # google.rpc.Status.details field, or localized by the client. 293 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 294 "details": [ # A list of messages that carry the error details. There will be a 295 # common set of message types for APIs to use. 296 { 297 "a_key": "", # Properties of the object. Contains field @type with type URL. 298 }, 299 ], 300 }, 301 }</pre> 302</div> 303 304<div class="method"> 305 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 306 <pre>Deletes an instance. 307 308Immediately upon completion of the request: 309 310 * Billing ceases for all of the instance's reserved resources. 311 312Soon afterward: 313 314 * The instance and *all of its databases* immediately and 315 irrevocably disappear from the API. All data in the databases 316 is permanently deleted. 317 318Args: 319 name: string, Required. The name of the instance to be deleted. Values are of the form 320`projects/<project>/instances/<instance>` (required) 321 x__xgafv: string, V1 error format. 322 Allowed values 323 1 - v1 error format 324 2 - v2 error format 325 326Returns: 327 An object of the form: 328 329 { # A generic empty message that you can re-use to avoid defining duplicated 330 # empty messages in your APIs. A typical example is to use it as the request 331 # or the response type of an API method. For instance: 332 # 333 # service Foo { 334 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 335 # } 336 # 337 # The JSON representation for `Empty` is empty JSON object `{}`. 338 }</pre> 339</div> 340 341<div class="method"> 342 <code class="details" id="get">get(name, x__xgafv=None)</code> 343 <pre>Gets information about a particular instance. 344 345Args: 346 name: string, Required. The name of the requested instance. Values are of the form 347`projects/<project>/instances/<instance>`. (required) 348 x__xgafv: string, V1 error format. 349 Allowed values 350 1 - v1 error format 351 2 - v2 error format 352 353Returns: 354 An object of the form: 355 356 { # An isolated set of Cloud Spanner resources on which databases can be hosted. 357 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 358 # Must be unique per project and between 4 and 30 characters in length. 359 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 360 # after the instance is created. Values are of the form 361 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 362 # segment of the name must be between 6 and 30 characters in length. 363 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 364 # resources into groups that reflect a customer's organizational needs and 365 # deployment strategies. Cloud Labels can be used to filter collections of 366 # resources. They can be used to control how resource metrics are aggregated. 367 # And they can be used as arguments to policy management rules (e.g. route, 368 # firewall, load balancing, etc.). 369 # 370 # * Label keys must be between 1 and 63 characters long and must conform to 371 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 372 # * Label values must be between 0 and 63 characters long and must conform 373 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 374 # * No more than 64 labels can be associated with a given resource. 375 # 376 # See https://goo.gl/xmQnxf for more information on and examples of labels. 377 # 378 # If you plan to use labels in your own code, please note that additional 379 # characters may be allowed in the future. And so you are advised to use an 380 # internal label representation, such as JSON, which doesn't rely upon 381 # specific characters being disallowed. For example, representing labels 382 # as the string: name + "_" + value would prove problematic if we were to 383 # allow "_" in a future release. 384 "a_key": "A String", 385 }, 386 "state": "A String", # Output only. The current instance state. For 387 # CreateInstance, the state must be 388 # either omitted or set to `CREATING`. For 389 # UpdateInstance, the state must be 390 # either omitted or set to `READY`. 391 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 392 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 393 # `projects/<project>/instanceConfigs/<configuration>`. See 394 # also InstanceConfig and 395 # ListInstanceConfigs. 396 }</pre> 397</div> 398 399<div class="method"> 400 <code class="details" id="getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</code> 401 <pre>Gets the access control policy for an instance resource. Returns an empty 402policy if an instance exists but does not have a policy set. 403 404Authorization requires `spanner.instances.getIamPolicy` on 405resource. 406 407Args: 408 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being retrieved. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required) 409 body: object, The request body. (required) 410 The object takes the form of: 411 412{ # Request message for `GetIamPolicy` method. 413 } 414 415 x__xgafv: string, V1 error format. 416 Allowed values 417 1 - v1 error format 418 2 - v2 error format 419 420Returns: 421 An object of the form: 422 423 { # Defines an Identity and Access Management (IAM) policy. It is used to 424 # specify access control policies for Cloud Platform resources. 425 # 426 # 427 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 428 # `members` to a `role`, where the members can be user accounts, Google groups, 429 # Google domains, and service accounts. A `role` is a named list of permissions 430 # defined by IAM. 431 # 432 # **Example** 433 # 434 # { 435 # "bindings": [ 436 # { 437 # "role": "roles/owner", 438 # "members": [ 439 # "user:mike@example.com", 440 # "group:admins@example.com", 441 # "domain:google.com", 442 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 443 # ] 444 # }, 445 # { 446 # "role": "roles/viewer", 447 # "members": ["user:sean@example.com"] 448 # } 449 # ] 450 # } 451 # 452 # For a description of IAM and its features, see the 453 # [IAM developer's guide](https://cloud.google.com/iam). 454 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 455 { # Specifies the audit configuration for a service. 456 # The configuration determines which permission types are logged, and what 457 # identities, if any, are exempted from logging. 458 # An AuditConifg must have one or more AuditLogConfigs. 459 # 460 # If there are AuditConfigs for both `allServices` and a specific service, 461 # the union of the two AuditConfigs is used for that service: the log_types 462 # specified in each AuditConfig are enabled, and the exempted_members in each 463 # AuditConfig are exempted. 464 # 465 # Example Policy with multiple AuditConfigs: 466 # 467 # { 468 # "audit_configs": [ 469 # { 470 # "service": "allServices" 471 # "audit_log_configs": [ 472 # { 473 # "log_type": "DATA_READ", 474 # "exempted_members": [ 475 # "user:foo@gmail.com" 476 # ] 477 # }, 478 # { 479 # "log_type": "DATA_WRITE", 480 # }, 481 # { 482 # "log_type": "ADMIN_READ", 483 # } 484 # ] 485 # }, 486 # { 487 # "service": "fooservice.googleapis.com" 488 # "audit_log_configs": [ 489 # { 490 # "log_type": "DATA_READ", 491 # }, 492 # { 493 # "log_type": "DATA_WRITE", 494 # "exempted_members": [ 495 # "user:bar@gmail.com" 496 # ] 497 # } 498 # ] 499 # } 500 # ] 501 # } 502 # 503 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 504 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 505 # bar@gmail.com from DATA_WRITE logging. 506 "exemptedMembers": [ 507 "A String", 508 ], 509 "auditLogConfigs": [ # The configuration for logging of each type of permission. 510 # Next ID: 4 511 { # Provides the configuration for logging a type of permissions. 512 # Example: 513 # 514 # { 515 # "audit_log_configs": [ 516 # { 517 # "log_type": "DATA_READ", 518 # "exempted_members": [ 519 # "user:foo@gmail.com" 520 # ] 521 # }, 522 # { 523 # "log_type": "DATA_WRITE", 524 # } 525 # ] 526 # } 527 # 528 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 529 # foo@gmail.com from DATA_READ logging. 530 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 531 # permission. 532 # Follows the same format of Binding.members. 533 "A String", 534 ], 535 "logType": "A String", # The log type that this config enables. 536 }, 537 ], 538 "service": "A String", # Specifies a service that will be enabled for audit logging. 539 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 540 # `allServices` is a special value that covers all services. 541 }, 542 ], 543 "rules": [ # If more than one rule is specified, the rules are applied in the following 544 # manner: 545 # - All matching LOG rules are always applied. 546 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 547 # Logging will be applied if one or more matching rule requires logging. 548 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 549 # granted. 550 # Logging will be applied if one or more matching rule requires logging. 551 # - Otherwise, if no rule applies, permission is denied. 552 { # A rule to be applied in a Policy. 553 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 554 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 555 # The format for in and not_in entries is the same as for members in a 556 # Binding (see google/iam/v1/policy.proto). 557 "A String", 558 ], 559 "description": "A String", # Human-readable description of the rule. 560 "in": [ # If one or more 'in' clauses are specified, the rule matches if 561 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 562 "A String", 563 ], 564 "action": "A String", # Required 565 "conditions": [ # Additional restrictions that must be met 566 { # A condition to be met. 567 "iam": "A String", # Trusted attributes supplied by the IAM system. 568 "svc": "A String", # Trusted attributes discharged by the service. 569 "value": "A String", # DEPRECATED. Use 'values' instead. 570 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 571 # the IAM system for access control. 572 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 573 "A String", 574 ], 575 "op": "A String", # An operator to apply the subject with. 576 }, 577 ], 578 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 579 # that match the LOG action. 580 { # Specifies what kind of log the caller must write 581 "counter": { # Options for counters # Counter options. 582 "field": "A String", # The field value to attribute. 583 "metric": "A String", # The metric to update. 584 }, 585 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 586 }, 587 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 588 }, 589 }, 590 ], 591 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 592 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 593 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 594 "A String", 595 ], 596 }, 597 ], 598 "version": 42, # Version of the `Policy`. The default version is 0. 599 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 600 # prevent simultaneous updates of a policy from overwriting each other. 601 # It is strongly suggested that systems make use of the `etag` in the 602 # read-modify-write cycle to perform policy updates in order to avoid race 603 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 604 # systems are expected to put that etag in the request to `setIamPolicy` to 605 # ensure that their change will be applied to the same version of the policy. 606 # 607 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 608 # policy is overwritten blindly. 609 "bindings": [ # Associates a list of `members` to a `role`. 610 # Multiple `bindings` must not be specified for the same `role`. 611 # `bindings` with no members will result in an error. 612 { # Associates `members` with a `role`. 613 "role": "A String", # Role that is assigned to `members`. 614 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 615 # Required 616 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 617 # `members` can have the following values: 618 # 619 # * `allUsers`: A special identifier that represents anyone who is 620 # on the internet; with or without a Google account. 621 # 622 # * `allAuthenticatedUsers`: A special identifier that represents anyone 623 # who is authenticated with a Google account or a service account. 624 # 625 # * `user:{emailid}`: An email address that represents a specific Google 626 # account. For example, `alice@gmail.com` or `joe@example.com`. 627 # 628 # 629 # * `serviceAccount:{emailid}`: An email address that represents a service 630 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 631 # 632 # * `group:{emailid}`: An email address that represents a Google group. 633 # For example, `admins@example.com`. 634 # 635 # * `domain:{domain}`: A Google Apps domain name that represents all the 636 # users of that domain. For example, `google.com` or `example.com`. 637 # 638 "A String", 639 ], 640 }, 641 ], 642 "iamOwned": True or False, 643 }</pre> 644</div> 645 646<div class="method"> 647 <code class="details" id="list">list(parent, pageSize=None, filter=None, pageToken=None, x__xgafv=None)</code> 648 <pre>Lists all instances in the given project. 649 650Args: 651 parent: string, Required. The name of the project for which a list of instances is 652requested. Values are of the form `projects/<project>`. (required) 653 pageSize: integer, Number of instances to be returned in the response. If 0 or less, defaults 654to the server's maximum allowed page size. 655 filter: string, An expression for filtering the results of the request. Filter rules are 656case insensitive. The fields eligible for filtering are: 657 658 * name 659 * display_name 660 * labels.key where key is the name of a label 661 662Some examples of using filters are: 663 664 * name:* --> The instance has a name. 665 * name:Howl --> The instance's name contains the string "howl". 666 * name:HOWL --> Equivalent to above. 667 * NAME:howl --> Equivalent to above. 668 * labels.env:* --> The instance has the label "env". 669 * labels.env:dev --> The instance has the label "env" and the value of 670 the label contains the string "dev". 671 * name:howl labels.env:dev --> The instance's name contains "howl" and 672 it has the label "env" with its value 673 containing "dev". 674 pageToken: string, If non-empty, `page_token` should contain a 675next_page_token from a 676previous ListInstancesResponse. 677 x__xgafv: string, V1 error format. 678 Allowed values 679 1 - v1 error format 680 2 - v2 error format 681 682Returns: 683 An object of the form: 684 685 { # The response for ListInstances. 686 "nextPageToken": "A String", # `next_page_token` can be sent in a subsequent 687 # ListInstances call to fetch more 688 # of the matching instances. 689 "instances": [ # The list of requested instances. 690 { # An isolated set of Cloud Spanner resources on which databases can be hosted. 691 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 692 # Must be unique per project and between 4 and 30 characters in length. 693 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 694 # after the instance is created. Values are of the form 695 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 696 # segment of the name must be between 6 and 30 characters in length. 697 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 698 # resources into groups that reflect a customer's organizational needs and 699 # deployment strategies. Cloud Labels can be used to filter collections of 700 # resources. They can be used to control how resource metrics are aggregated. 701 # And they can be used as arguments to policy management rules (e.g. route, 702 # firewall, load balancing, etc.). 703 # 704 # * Label keys must be between 1 and 63 characters long and must conform to 705 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 706 # * Label values must be between 0 and 63 characters long and must conform 707 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 708 # * No more than 64 labels can be associated with a given resource. 709 # 710 # See https://goo.gl/xmQnxf for more information on and examples of labels. 711 # 712 # If you plan to use labels in your own code, please note that additional 713 # characters may be allowed in the future. And so you are advised to use an 714 # internal label representation, such as JSON, which doesn't rely upon 715 # specific characters being disallowed. For example, representing labels 716 # as the string: name + "_" + value would prove problematic if we were to 717 # allow "_" in a future release. 718 "a_key": "A String", 719 }, 720 "state": "A String", # Output only. The current instance state. For 721 # CreateInstance, the state must be 722 # either omitted or set to `CREATING`. For 723 # UpdateInstance, the state must be 724 # either omitted or set to `READY`. 725 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 726 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 727 # `projects/<project>/instanceConfigs/<configuration>`. See 728 # also InstanceConfig and 729 # ListInstanceConfigs. 730 }, 731 ], 732 }</pre> 733</div> 734 735<div class="method"> 736 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 737 <pre>Retrieves the next page of results. 738 739Args: 740 previous_request: The request for the previous page. (required) 741 previous_response: The response from the request for the previous page. (required) 742 743Returns: 744 A request object that you can call 'execute()' on to request the next 745 page. Returns None if there are no more items in the collection. 746 </pre> 747</div> 748 749<div class="method"> 750 <code class="details" id="patch">patch(name, body, x__xgafv=None)</code> 751 <pre>Updates an instance, and begins allocating or releasing resources 752as requested. The returned long-running 753operation can be used to track the 754progress of updating the instance. If the named instance does not 755exist, returns `NOT_FOUND`. 756 757Immediately upon completion of this request: 758 759 * For resource types for which a decrease in the instance's allocation 760 has been requested, billing is based on the newly-requested level. 761 762Until completion of the returned operation: 763 764 * Cancelling the operation sets its metadata's 765 cancel_time, and begins 766 restoring resources to their pre-request values. The operation 767 is guaranteed to succeed at undoing all resource changes, 768 after which point it terminates with a `CANCELLED` status. 769 * All other attempts to modify the instance are rejected. 770 * Reading the instance via the API continues to give the pre-request 771 resource levels. 772 773Upon completion of the returned operation: 774 775 * Billing begins for all successfully-allocated resources (some types 776 may have lower than the requested levels). 777 * All newly-reserved resources are available for serving the instance's 778 tables. 779 * The instance's new resource levels are readable via the API. 780 781The returned long-running operation will 782have a name of the format `<instance_name>/operations/<operation_id>` and 783can be used to track the instance modification. The 784metadata field type is 785UpdateInstanceMetadata. 786The response field type is 787Instance, if successful. 788 789Authorization requires `spanner.instances.update` permission on 790resource name. 791 792Args: 793 name: string, Required. A unique identifier for the instance, which cannot be changed 794after the instance is created. Values are of the form 795`projects/<project>/instances/a-z*[a-z0-9]`. The final 796segment of the name must be between 6 and 30 characters in length. (required) 797 body: object, The request body. (required) 798 The object takes the form of: 799 800{ # The request for UpdateInstance. 801 "instance": { # An isolated set of Cloud Spanner resources on which databases can be hosted. # Required. The instance to update, which must always include the instance 802 # name. Otherwise, only fields mentioned in [][google.spanner.admin.instance.v1.UpdateInstanceRequest.field_mask] need be included. 803 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 804 # Must be unique per project and between 4 and 30 characters in length. 805 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 806 # after the instance is created. Values are of the form 807 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 808 # segment of the name must be between 6 and 30 characters in length. 809 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 810 # resources into groups that reflect a customer's organizational needs and 811 # deployment strategies. Cloud Labels can be used to filter collections of 812 # resources. They can be used to control how resource metrics are aggregated. 813 # And they can be used as arguments to policy management rules (e.g. route, 814 # firewall, load balancing, etc.). 815 # 816 # * Label keys must be between 1 and 63 characters long and must conform to 817 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 818 # * Label values must be between 0 and 63 characters long and must conform 819 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 820 # * No more than 64 labels can be associated with a given resource. 821 # 822 # See https://goo.gl/xmQnxf for more information on and examples of labels. 823 # 824 # If you plan to use labels in your own code, please note that additional 825 # characters may be allowed in the future. And so you are advised to use an 826 # internal label representation, such as JSON, which doesn't rely upon 827 # specific characters being disallowed. For example, representing labels 828 # as the string: name + "_" + value would prove problematic if we were to 829 # allow "_" in a future release. 830 "a_key": "A String", 831 }, 832 "state": "A String", # Output only. The current instance state. For 833 # CreateInstance, the state must be 834 # either omitted or set to `CREATING`. For 835 # UpdateInstance, the state must be 836 # either omitted or set to `READY`. 837 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 838 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 839 # `projects/<project>/instanceConfigs/<configuration>`. See 840 # also InstanceConfig and 841 # ListInstanceConfigs. 842 }, 843 "fieldMask": "A String", # Required. A mask specifying which fields in [][google.spanner.admin.instance.v1.UpdateInstanceRequest.instance] should be updated. 844 # The field mask must always be specified; this prevents any future fields in 845 # [][google.spanner.admin.instance.v1.Instance] from being erased accidentally by clients that do not know 846 # about them. 847 } 848 849 x__xgafv: string, V1 error format. 850 Allowed values 851 1 - v1 error format 852 2 - v2 error format 853 854Returns: 855 An object of the form: 856 857 { # This resource represents a long-running operation that is the result of a 858 # network API call. 859 "metadata": { # Service-specific metadata associated with the operation. It typically 860 # contains progress information and common metadata such as create time. 861 # Some services might not provide such metadata. Any method that returns a 862 # long-running operation should document the metadata type, if any. 863 "a_key": "", # Properties of the object. Contains field @type with type URL. 864 }, 865 "done": True or False, # If the value is `false`, it means the operation is still in progress. 866 # If true, the operation is completed, and either `error` or `response` is 867 # available. 868 "response": { # The normal response of the operation in case of success. If the original 869 # method returns no data on success, such as `Delete`, the response is 870 # `google.protobuf.Empty`. If the original method is standard 871 # `Get`/`Create`/`Update`, the response should be the resource. For other 872 # methods, the response should have the type `XxxResponse`, where `Xxx` 873 # is the original method name. For example, if the original method name 874 # is `TakeSnapshot()`, the inferred response type is 875 # `TakeSnapshotResponse`. 876 "a_key": "", # Properties of the object. Contains field @type with type URL. 877 }, 878 "name": "A String", # The server-assigned name, which is only unique within the same service that 879 # originally returns it. If you use the default HTTP mapping, the 880 # `name` should have the format of `operations/some/unique/name`. 881 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 882 # programming environments, including REST APIs and RPC APIs. It is used by 883 # [gRPC](https://github.com/grpc). The error model is designed to be: 884 # 885 # - Simple to use and understand for most users 886 # - Flexible enough to meet unexpected needs 887 # 888 # # Overview 889 # 890 # The `Status` message contains three pieces of data: error code, error message, 891 # and error details. The error code should be an enum value of 892 # google.rpc.Code, but it may accept additional error codes if needed. The 893 # error message should be a developer-facing English message that helps 894 # developers *understand* and *resolve* the error. If a localized user-facing 895 # error message is needed, put the localized message in the error details or 896 # localize it in the client. The optional error details may contain arbitrary 897 # information about the error. There is a predefined set of error detail types 898 # in the package `google.rpc` which can be used for common error conditions. 899 # 900 # # Language mapping 901 # 902 # The `Status` message is the logical representation of the error model, but it 903 # is not necessarily the actual wire format. When the `Status` message is 904 # exposed in different client libraries and different wire protocols, it can be 905 # mapped differently. For example, it will likely be mapped to some exceptions 906 # in Java, but more likely mapped to some error codes in C. 907 # 908 # # Other uses 909 # 910 # The error model and the `Status` message can be used in a variety of 911 # environments, either with or without APIs, to provide a 912 # consistent developer experience across different environments. 913 # 914 # Example uses of this error model include: 915 # 916 # - Partial errors. If a service needs to return partial errors to the client, 917 # it may embed the `Status` in the normal response to indicate the partial 918 # errors. 919 # 920 # - Workflow errors. A typical workflow has multiple steps. Each step may 921 # have a `Status` message for error reporting purpose. 922 # 923 # - Batch operations. If a client uses batch request and batch response, the 924 # `Status` message should be used directly inside batch response, one for 925 # each error sub-response. 926 # 927 # - Asynchronous operations. If an API call embeds asynchronous operation 928 # results in its response, the status of those operations should be 929 # represented directly using the `Status` message. 930 # 931 # - Logging. If some API errors are stored in logs, the message `Status` could 932 # be used directly after any stripping needed for security/privacy reasons. 933 "message": "A String", # A developer-facing error message, which should be in English. Any 934 # user-facing error message should be localized and sent in the 935 # google.rpc.Status.details field, or localized by the client. 936 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 937 "details": [ # A list of messages that carry the error details. There will be a 938 # common set of message types for APIs to use. 939 { 940 "a_key": "", # Properties of the object. Contains field @type with type URL. 941 }, 942 ], 943 }, 944 }</pre> 945</div> 946 947<div class="method"> 948 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 949 <pre>Sets the access control policy on an instance resource. Replaces any 950existing policy. 951 952Authorization requires `spanner.instances.setIamPolicy` on 953resource. 954 955Args: 956 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being set. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for databases resources. (required) 957 body: object, The request body. (required) 958 The object takes the form of: 959 960{ # Request message for `SetIamPolicy` method. 961 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 962 # the policy is limited to a few 10s of KB. An empty policy is a 963 # valid policy but certain Cloud Platform services (such as Projects) 964 # might reject them. 965 # specify access control policies for Cloud Platform resources. 966 # 967 # 968 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 969 # `members` to a `role`, where the members can be user accounts, Google groups, 970 # Google domains, and service accounts. A `role` is a named list of permissions 971 # defined by IAM. 972 # 973 # **Example** 974 # 975 # { 976 # "bindings": [ 977 # { 978 # "role": "roles/owner", 979 # "members": [ 980 # "user:mike@example.com", 981 # "group:admins@example.com", 982 # "domain:google.com", 983 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 984 # ] 985 # }, 986 # { 987 # "role": "roles/viewer", 988 # "members": ["user:sean@example.com"] 989 # } 990 # ] 991 # } 992 # 993 # For a description of IAM and its features, see the 994 # [IAM developer's guide](https://cloud.google.com/iam). 995 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 996 { # Specifies the audit configuration for a service. 997 # The configuration determines which permission types are logged, and what 998 # identities, if any, are exempted from logging. 999 # An AuditConifg must have one or more AuditLogConfigs. 1000 # 1001 # If there are AuditConfigs for both `allServices` and a specific service, 1002 # the union of the two AuditConfigs is used for that service: the log_types 1003 # specified in each AuditConfig are enabled, and the exempted_members in each 1004 # AuditConfig are exempted. 1005 # 1006 # Example Policy with multiple AuditConfigs: 1007 # 1008 # { 1009 # "audit_configs": [ 1010 # { 1011 # "service": "allServices" 1012 # "audit_log_configs": [ 1013 # { 1014 # "log_type": "DATA_READ", 1015 # "exempted_members": [ 1016 # "user:foo@gmail.com" 1017 # ] 1018 # }, 1019 # { 1020 # "log_type": "DATA_WRITE", 1021 # }, 1022 # { 1023 # "log_type": "ADMIN_READ", 1024 # } 1025 # ] 1026 # }, 1027 # { 1028 # "service": "fooservice.googleapis.com" 1029 # "audit_log_configs": [ 1030 # { 1031 # "log_type": "DATA_READ", 1032 # }, 1033 # { 1034 # "log_type": "DATA_WRITE", 1035 # "exempted_members": [ 1036 # "user:bar@gmail.com" 1037 # ] 1038 # } 1039 # ] 1040 # } 1041 # ] 1042 # } 1043 # 1044 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1045 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1046 # bar@gmail.com from DATA_WRITE logging. 1047 "exemptedMembers": [ 1048 "A String", 1049 ], 1050 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1051 # Next ID: 4 1052 { # Provides the configuration for logging a type of permissions. 1053 # Example: 1054 # 1055 # { 1056 # "audit_log_configs": [ 1057 # { 1058 # "log_type": "DATA_READ", 1059 # "exempted_members": [ 1060 # "user:foo@gmail.com" 1061 # ] 1062 # }, 1063 # { 1064 # "log_type": "DATA_WRITE", 1065 # } 1066 # ] 1067 # } 1068 # 1069 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1070 # foo@gmail.com from DATA_READ logging. 1071 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1072 # permission. 1073 # Follows the same format of Binding.members. 1074 "A String", 1075 ], 1076 "logType": "A String", # The log type that this config enables. 1077 }, 1078 ], 1079 "service": "A String", # Specifies a service that will be enabled for audit logging. 1080 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1081 # `allServices` is a special value that covers all services. 1082 }, 1083 ], 1084 "rules": [ # If more than one rule is specified, the rules are applied in the following 1085 # manner: 1086 # - All matching LOG rules are always applied. 1087 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 1088 # Logging will be applied if one or more matching rule requires logging. 1089 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 1090 # granted. 1091 # Logging will be applied if one or more matching rule requires logging. 1092 # - Otherwise, if no rule applies, permission is denied. 1093 { # A rule to be applied in a Policy. 1094 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1095 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1096 # The format for in and not_in entries is the same as for members in a 1097 # Binding (see google/iam/v1/policy.proto). 1098 "A String", 1099 ], 1100 "description": "A String", # Human-readable description of the rule. 1101 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1102 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1103 "A String", 1104 ], 1105 "action": "A String", # Required 1106 "conditions": [ # Additional restrictions that must be met 1107 { # A condition to be met. 1108 "iam": "A String", # Trusted attributes supplied by the IAM system. 1109 "svc": "A String", # Trusted attributes discharged by the service. 1110 "value": "A String", # DEPRECATED. Use 'values' instead. 1111 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1112 # the IAM system for access control. 1113 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 1114 "A String", 1115 ], 1116 "op": "A String", # An operator to apply the subject with. 1117 }, 1118 ], 1119 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1120 # that match the LOG action. 1121 { # Specifies what kind of log the caller must write 1122 "counter": { # Options for counters # Counter options. 1123 "field": "A String", # The field value to attribute. 1124 "metric": "A String", # The metric to update. 1125 }, 1126 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1127 }, 1128 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1129 }, 1130 }, 1131 ], 1132 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1133 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1134 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1135 "A String", 1136 ], 1137 }, 1138 ], 1139 "version": 42, # Version of the `Policy`. The default version is 0. 1140 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1141 # prevent simultaneous updates of a policy from overwriting each other. 1142 # It is strongly suggested that systems make use of the `etag` in the 1143 # read-modify-write cycle to perform policy updates in order to avoid race 1144 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1145 # systems are expected to put that etag in the request to `setIamPolicy` to 1146 # ensure that their change will be applied to the same version of the policy. 1147 # 1148 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1149 # policy is overwritten blindly. 1150 "bindings": [ # Associates a list of `members` to a `role`. 1151 # Multiple `bindings` must not be specified for the same `role`. 1152 # `bindings` with no members will result in an error. 1153 { # Associates `members` with a `role`. 1154 "role": "A String", # Role that is assigned to `members`. 1155 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1156 # Required 1157 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1158 # `members` can have the following values: 1159 # 1160 # * `allUsers`: A special identifier that represents anyone who is 1161 # on the internet; with or without a Google account. 1162 # 1163 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1164 # who is authenticated with a Google account or a service account. 1165 # 1166 # * `user:{emailid}`: An email address that represents a specific Google 1167 # account. For example, `alice@gmail.com` or `joe@example.com`. 1168 # 1169 # 1170 # * `serviceAccount:{emailid}`: An email address that represents a service 1171 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1172 # 1173 # * `group:{emailid}`: An email address that represents a Google group. 1174 # For example, `admins@example.com`. 1175 # 1176 # * `domain:{domain}`: A Google Apps domain name that represents all the 1177 # users of that domain. For example, `google.com` or `example.com`. 1178 # 1179 "A String", 1180 ], 1181 }, 1182 ], 1183 "iamOwned": True or False, 1184 }, 1185 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1186 # the fields in the mask will be modified. If no mask is provided, the 1187 # following default mask is used: 1188 # paths: "bindings, etag" 1189 # This field is only used by Cloud IAM. 1190 } 1191 1192 x__xgafv: string, V1 error format. 1193 Allowed values 1194 1 - v1 error format 1195 2 - v2 error format 1196 1197Returns: 1198 An object of the form: 1199 1200 { # Defines an Identity and Access Management (IAM) policy. It is used to 1201 # specify access control policies for Cloud Platform resources. 1202 # 1203 # 1204 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 1205 # `members` to a `role`, where the members can be user accounts, Google groups, 1206 # Google domains, and service accounts. A `role` is a named list of permissions 1207 # defined by IAM. 1208 # 1209 # **Example** 1210 # 1211 # { 1212 # "bindings": [ 1213 # { 1214 # "role": "roles/owner", 1215 # "members": [ 1216 # "user:mike@example.com", 1217 # "group:admins@example.com", 1218 # "domain:google.com", 1219 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 1220 # ] 1221 # }, 1222 # { 1223 # "role": "roles/viewer", 1224 # "members": ["user:sean@example.com"] 1225 # } 1226 # ] 1227 # } 1228 # 1229 # For a description of IAM and its features, see the 1230 # [IAM developer's guide](https://cloud.google.com/iam). 1231 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1232 { # Specifies the audit configuration for a service. 1233 # The configuration determines which permission types are logged, and what 1234 # identities, if any, are exempted from logging. 1235 # An AuditConifg must have one or more AuditLogConfigs. 1236 # 1237 # If there are AuditConfigs for both `allServices` and a specific service, 1238 # the union of the two AuditConfigs is used for that service: the log_types 1239 # specified in each AuditConfig are enabled, and the exempted_members in each 1240 # AuditConfig are exempted. 1241 # 1242 # Example Policy with multiple AuditConfigs: 1243 # 1244 # { 1245 # "audit_configs": [ 1246 # { 1247 # "service": "allServices" 1248 # "audit_log_configs": [ 1249 # { 1250 # "log_type": "DATA_READ", 1251 # "exempted_members": [ 1252 # "user:foo@gmail.com" 1253 # ] 1254 # }, 1255 # { 1256 # "log_type": "DATA_WRITE", 1257 # }, 1258 # { 1259 # "log_type": "ADMIN_READ", 1260 # } 1261 # ] 1262 # }, 1263 # { 1264 # "service": "fooservice.googleapis.com" 1265 # "audit_log_configs": [ 1266 # { 1267 # "log_type": "DATA_READ", 1268 # }, 1269 # { 1270 # "log_type": "DATA_WRITE", 1271 # "exempted_members": [ 1272 # "user:bar@gmail.com" 1273 # ] 1274 # } 1275 # ] 1276 # } 1277 # ] 1278 # } 1279 # 1280 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1281 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1282 # bar@gmail.com from DATA_WRITE logging. 1283 "exemptedMembers": [ 1284 "A String", 1285 ], 1286 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1287 # Next ID: 4 1288 { # Provides the configuration for logging a type of permissions. 1289 # Example: 1290 # 1291 # { 1292 # "audit_log_configs": [ 1293 # { 1294 # "log_type": "DATA_READ", 1295 # "exempted_members": [ 1296 # "user:foo@gmail.com" 1297 # ] 1298 # }, 1299 # { 1300 # "log_type": "DATA_WRITE", 1301 # } 1302 # ] 1303 # } 1304 # 1305 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1306 # foo@gmail.com from DATA_READ logging. 1307 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1308 # permission. 1309 # Follows the same format of Binding.members. 1310 "A String", 1311 ], 1312 "logType": "A String", # The log type that this config enables. 1313 }, 1314 ], 1315 "service": "A String", # Specifies a service that will be enabled for audit logging. 1316 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1317 # `allServices` is a special value that covers all services. 1318 }, 1319 ], 1320 "rules": [ # If more than one rule is specified, the rules are applied in the following 1321 # manner: 1322 # - All matching LOG rules are always applied. 1323 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 1324 # Logging will be applied if one or more matching rule requires logging. 1325 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 1326 # granted. 1327 # Logging will be applied if one or more matching rule requires logging. 1328 # - Otherwise, if no rule applies, permission is denied. 1329 { # A rule to be applied in a Policy. 1330 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1331 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1332 # The format for in and not_in entries is the same as for members in a 1333 # Binding (see google/iam/v1/policy.proto). 1334 "A String", 1335 ], 1336 "description": "A String", # Human-readable description of the rule. 1337 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1338 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1339 "A String", 1340 ], 1341 "action": "A String", # Required 1342 "conditions": [ # Additional restrictions that must be met 1343 { # A condition to be met. 1344 "iam": "A String", # Trusted attributes supplied by the IAM system. 1345 "svc": "A String", # Trusted attributes discharged by the service. 1346 "value": "A String", # DEPRECATED. Use 'values' instead. 1347 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1348 # the IAM system for access control. 1349 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 1350 "A String", 1351 ], 1352 "op": "A String", # An operator to apply the subject with. 1353 }, 1354 ], 1355 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1356 # that match the LOG action. 1357 { # Specifies what kind of log the caller must write 1358 "counter": { # Options for counters # Counter options. 1359 "field": "A String", # The field value to attribute. 1360 "metric": "A String", # The metric to update. 1361 }, 1362 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1363 }, 1364 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1365 }, 1366 }, 1367 ], 1368 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1369 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1370 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1371 "A String", 1372 ], 1373 }, 1374 ], 1375 "version": 42, # Version of the `Policy`. The default version is 0. 1376 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1377 # prevent simultaneous updates of a policy from overwriting each other. 1378 # It is strongly suggested that systems make use of the `etag` in the 1379 # read-modify-write cycle to perform policy updates in order to avoid race 1380 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1381 # systems are expected to put that etag in the request to `setIamPolicy` to 1382 # ensure that their change will be applied to the same version of the policy. 1383 # 1384 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1385 # policy is overwritten blindly. 1386 "bindings": [ # Associates a list of `members` to a `role`. 1387 # Multiple `bindings` must not be specified for the same `role`. 1388 # `bindings` with no members will result in an error. 1389 { # Associates `members` with a `role`. 1390 "role": "A String", # Role that is assigned to `members`. 1391 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1392 # Required 1393 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1394 # `members` can have the following values: 1395 # 1396 # * `allUsers`: A special identifier that represents anyone who is 1397 # on the internet; with or without a Google account. 1398 # 1399 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1400 # who is authenticated with a Google account or a service account. 1401 # 1402 # * `user:{emailid}`: An email address that represents a specific Google 1403 # account. For example, `alice@gmail.com` or `joe@example.com`. 1404 # 1405 # 1406 # * `serviceAccount:{emailid}`: An email address that represents a service 1407 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1408 # 1409 # * `group:{emailid}`: An email address that represents a Google group. 1410 # For example, `admins@example.com`. 1411 # 1412 # * `domain:{domain}`: A Google Apps domain name that represents all the 1413 # users of that domain. For example, `google.com` or `example.com`. 1414 # 1415 "A String", 1416 ], 1417 }, 1418 ], 1419 "iamOwned": True or False, 1420 }</pre> 1421</div> 1422 1423<div class="method"> 1424 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 1425 <pre>Returns permissions that the caller has on the specified instance resource. 1426 1427Attempting this RPC on a non-existent Cloud Spanner instance resource will 1428result in a NOT_FOUND error if the user has `spanner.instances.list` 1429permission on the containing Google Cloud Project. Otherwise returns an 1430empty set of permissions. 1431 1432Args: 1433 resource: string, REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required) 1434 body: object, The request body. (required) 1435 The object takes the form of: 1436 1437{ # Request message for `TestIamPermissions` method. 1438 "permissions": [ # REQUIRED: The set of permissions to check for 'resource'. 1439 # Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed. 1440 "A String", 1441 ], 1442 } 1443 1444 x__xgafv: string, V1 error format. 1445 Allowed values 1446 1 - v1 error format 1447 2 - v2 error format 1448 1449Returns: 1450 An object of the form: 1451 1452 { # Response message for `TestIamPermissions` method. 1453 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1454 # allowed. 1455 "A String", 1456 ], 1457 }</pre> 1458</div> 1459 1460</body></html>