1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="accesscontextmanager_v1.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1.accessPolicies.accessLevels.html">accessLevels</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p> 79<p class="firstline">Create an Access Level. The longrunning</p> 80<p class="toc_element"> 81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 82<p class="firstline">Delete an Access Level by resource</p> 83<p class="toc_element"> 84 <code><a href="#get">get(name, accessLevelFormat=None, x__xgafv=None)</a></code></p> 85<p class="firstline">Get an Access Level by resource</p> 86<p class="toc_element"> 87 <code><a href="#list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> 88<p class="firstline">List all Access Levels for an access</p> 89<p class="toc_element"> 90 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 91<p class="firstline">Retrieves the next page of results.</p> 92<p class="toc_element"> 93 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p> 94<p class="firstline">Update an Access Level. The longrunning</p> 95<h3>Method Details</h3> 96<div class="method"> 97 <code class="details" id="create">create(parent, body, x__xgafv=None)</code> 98 <pre>Create an Access Level. The longrunning 99operation from this RPC will have a successful status once the Access 100Level has 101propagated to long-lasting storage. Access Levels containing 102errors will result in an error response for the first error encountered. 103 104Args: 105 parent: string, Required. Resource name for the access policy which owns this Access 106Level. 107 108Format: `accessPolicies/{policy_id}` (required) 109 body: object, The request body. (required) 110 The object takes the form of: 111 112{ # An `AccessLevel` is a label that can be applied to requests to GCP services, 113 # along with a list of requirements necessary for the label to be applied. 114 "updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC. 115 "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. 116 "title": "A String", # Human readable title. Must be unique within the Policy. 117 "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. 118 "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is 119 # granted this `AccessLevel`. If AND is used, each `Condition` in 120 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR 121 # is used, at least one `Condition` in `conditions` must be satisfied for the 122 # `AccessLevel` to be applied. Default behavior is AND. 123 "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. 124 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an 125 # AND over its fields. So a Condition is true if: 1) the request IP is from one 126 # of the listed subnetworks AND 2) the originating device complies with the 127 # listed device policy AND 3) all listed access levels are granted AND 4) the 128 # request was sent at a time allowed by the DateTimeRestriction. 129 "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by 130 # resource name. Referencing an `AccessLevel` which does not exist is an 131 # error. All access levels listed must be granted for the Condition 132 # to be true. Example: 133 # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` 134 "A String", 135 ], 136 "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the 137 # Condition to be true. If not specified, all devices are allowed. 138 # given access level. A `DevicePolicy` specifies requirements for requests from 139 # devices to be granted access levels, it does not do any enforcement on the 140 # device. `DevicePolicy` acts as an AND over all specified fields, and each 141 # repeated field is an OR over its elements. Any unset fields are ignored. For 142 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : 143 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be 144 # true for requests originating from encrypted Linux desktops and encrypted 145 # Windows desktops. 146 "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. 147 "A String", 148 ], 149 "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. 150 { # A restriction on the OS type and version of devices making requests. 151 "osType": "A String", # Required. The allowed OS type. 152 "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. 153 # Verifications includes requirements that the device is enterprise-managed, 154 # conformant to Dasher domain policies, and the caller has permission to call 155 # the API targeted by the request. 156 "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS 157 # satisfies the constraint. Format: `"major.minor.patch"`. 158 # Examples: `"10.5.301"`, `"9.2.1"`. 159 }, 160 ], 161 "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. 162 "requireCorpOwned": True or False, # Whether the device needs to be corp owned. 163 "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management 164 # levels. 165 "A String", 166 ], 167 "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. 168 # Defaults to `false`. 169 }, 170 "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for 171 # a CIDR IP address block, the specified IP address portion must be properly 172 # truncated (i.e. all the host bits must be zero) or the input is considered 173 # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is 174 # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas 175 # "2001:db8::1/32" is not. The originating IP of a request must be in one of 176 # the listed subnets in order for this Condition to be true. If empty, all IP 177 # addresses are allowed. 178 "A String", 179 ], 180 "regions": [ # The request must originate from one of the provided countries/regions. 181 # Must be valid ISO 3166-1 alpha-2 codes. 182 "A String", 183 ], 184 "members": [ # The request must be made by one of the provided user or service 185 # accounts. Groups are not supported. 186 # Syntax: 187 # `user:{emailid}` 188 # `serviceAccount:{emailid}` 189 # If not specified, a request may come from any user. 190 "A String", 191 ], 192 "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over 193 # its non-empty fields, each field must be false for the Condition overall to 194 # be satisfied. Defaults to false. 195 }, 196 ], 197 }, 198 "createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC. 199 "name": "A String", # Required. Resource name for the Access Level. The `short_name` component 200 # must begin with a letter and only include alphanumeric and '_'. Format: 201 # `accessPolicies/{policy_id}/accessLevels/{short_name}` 202 } 203 204 x__xgafv: string, V1 error format. 205 Allowed values 206 1 - v1 error format 207 2 - v2 error format 208 209Returns: 210 An object of the form: 211 212 { # This resource represents a long-running operation that is the result of a 213 # network API call. 214 "metadata": { # Service-specific metadata associated with the operation. It typically 215 # contains progress information and common metadata such as create time. 216 # Some services might not provide such metadata. Any method that returns a 217 # long-running operation should document the metadata type, if any. 218 "a_key": "", # Properties of the object. Contains field @type with type URL. 219 }, 220 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 221 # different programming environments, including REST APIs and RPC APIs. It is 222 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 223 # three pieces of data: error code, error message, and error details. 224 # 225 # You can find out more about this error model and how to work with it in the 226 # [API Design Guide](https://cloud.google.com/apis/design/errors). 227 "message": "A String", # A developer-facing error message, which should be in English. Any 228 # user-facing error message should be localized and sent in the 229 # google.rpc.Status.details field, or localized by the client. 230 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 231 "details": [ # A list of messages that carry the error details. There is a common set of 232 # message types for APIs to use. 233 { 234 "a_key": "", # Properties of the object. Contains field @type with type URL. 235 }, 236 ], 237 }, 238 "done": True or False, # If the value is `false`, it means the operation is still in progress. 239 # If `true`, the operation is completed, and either `error` or `response` is 240 # available. 241 "response": { # The normal response of the operation in case of success. If the original 242 # method returns no data on success, such as `Delete`, the response is 243 # `google.protobuf.Empty`. If the original method is standard 244 # `Get`/`Create`/`Update`, the response should be the resource. For other 245 # methods, the response should have the type `XxxResponse`, where `Xxx` 246 # is the original method name. For example, if the original method name 247 # is `TakeSnapshot()`, the inferred response type is 248 # `TakeSnapshotResponse`. 249 "a_key": "", # Properties of the object. Contains field @type with type URL. 250 }, 251 "name": "A String", # The server-assigned name, which is only unique within the same service that 252 # originally returns it. If you use the default HTTP mapping, the 253 # `name` should be a resource name ending with `operations/{unique_id}`. 254 }</pre> 255</div> 256 257<div class="method"> 258 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 259 <pre>Delete an Access Level by resource 260name. The longrunning operation from this RPC will have a successful status 261once the Access Level has been removed 262from long-lasting storage. 263 264Args: 265 name: string, Required. Resource name for the Access Level. 266 267Format: 268`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required) 269 x__xgafv: string, V1 error format. 270 Allowed values 271 1 - v1 error format 272 2 - v2 error format 273 274Returns: 275 An object of the form: 276 277 { # This resource represents a long-running operation that is the result of a 278 # network API call. 279 "metadata": { # Service-specific metadata associated with the operation. It typically 280 # contains progress information and common metadata such as create time. 281 # Some services might not provide such metadata. Any method that returns a 282 # long-running operation should document the metadata type, if any. 283 "a_key": "", # Properties of the object. Contains field @type with type URL. 284 }, 285 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 286 # different programming environments, including REST APIs and RPC APIs. It is 287 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 288 # three pieces of data: error code, error message, and error details. 289 # 290 # You can find out more about this error model and how to work with it in the 291 # [API Design Guide](https://cloud.google.com/apis/design/errors). 292 "message": "A String", # A developer-facing error message, which should be in English. Any 293 # user-facing error message should be localized and sent in the 294 # google.rpc.Status.details field, or localized by the client. 295 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 296 "details": [ # A list of messages that carry the error details. There is a common set of 297 # message types for APIs to use. 298 { 299 "a_key": "", # Properties of the object. Contains field @type with type URL. 300 }, 301 ], 302 }, 303 "done": True or False, # If the value is `false`, it means the operation is still in progress. 304 # If `true`, the operation is completed, and either `error` or `response` is 305 # available. 306 "response": { # The normal response of the operation in case of success. If the original 307 # method returns no data on success, such as `Delete`, the response is 308 # `google.protobuf.Empty`. If the original method is standard 309 # `Get`/`Create`/`Update`, the response should be the resource. For other 310 # methods, the response should have the type `XxxResponse`, where `Xxx` 311 # is the original method name. For example, if the original method name 312 # is `TakeSnapshot()`, the inferred response type is 313 # `TakeSnapshotResponse`. 314 "a_key": "", # Properties of the object. Contains field @type with type URL. 315 }, 316 "name": "A String", # The server-assigned name, which is only unique within the same service that 317 # originally returns it. If you use the default HTTP mapping, the 318 # `name` should be a resource name ending with `operations/{unique_id}`. 319 }</pre> 320</div> 321 322<div class="method"> 323 <code class="details" id="get">get(name, accessLevelFormat=None, x__xgafv=None)</code> 324 <pre>Get an Access Level by resource 325name. 326 327Args: 328 name: string, Required. Resource name for the Access Level. 329 330Format: 331`accessPolicies/{policy_id}/accessLevels/{access_level_id}` (required) 332 accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression 333Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where 334Access Levels 335are returned as `BasicLevels` or `CustomLevels` based on how they were 336created. If set to CEL, all Access Levels are returned as 337`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent 338`CustomLevels`. 339 x__xgafv: string, V1 error format. 340 Allowed values 341 1 - v1 error format 342 2 - v2 error format 343 344Returns: 345 An object of the form: 346 347 { # An `AccessLevel` is a label that can be applied to requests to GCP services, 348 # along with a list of requirements necessary for the label to be applied. 349 "updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC. 350 "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. 351 "title": "A String", # Human readable title. Must be unique within the Policy. 352 "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. 353 "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is 354 # granted this `AccessLevel`. If AND is used, each `Condition` in 355 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR 356 # is used, at least one `Condition` in `conditions` must be satisfied for the 357 # `AccessLevel` to be applied. Default behavior is AND. 358 "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. 359 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an 360 # AND over its fields. So a Condition is true if: 1) the request IP is from one 361 # of the listed subnetworks AND 2) the originating device complies with the 362 # listed device policy AND 3) all listed access levels are granted AND 4) the 363 # request was sent at a time allowed by the DateTimeRestriction. 364 "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by 365 # resource name. Referencing an `AccessLevel` which does not exist is an 366 # error. All access levels listed must be granted for the Condition 367 # to be true. Example: 368 # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` 369 "A String", 370 ], 371 "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the 372 # Condition to be true. If not specified, all devices are allowed. 373 # given access level. A `DevicePolicy` specifies requirements for requests from 374 # devices to be granted access levels, it does not do any enforcement on the 375 # device. `DevicePolicy` acts as an AND over all specified fields, and each 376 # repeated field is an OR over its elements. Any unset fields are ignored. For 377 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : 378 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be 379 # true for requests originating from encrypted Linux desktops and encrypted 380 # Windows desktops. 381 "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. 382 "A String", 383 ], 384 "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. 385 { # A restriction on the OS type and version of devices making requests. 386 "osType": "A String", # Required. The allowed OS type. 387 "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. 388 # Verifications includes requirements that the device is enterprise-managed, 389 # conformant to Dasher domain policies, and the caller has permission to call 390 # the API targeted by the request. 391 "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS 392 # satisfies the constraint. Format: `"major.minor.patch"`. 393 # Examples: `"10.5.301"`, `"9.2.1"`. 394 }, 395 ], 396 "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. 397 "requireCorpOwned": True or False, # Whether the device needs to be corp owned. 398 "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management 399 # levels. 400 "A String", 401 ], 402 "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. 403 # Defaults to `false`. 404 }, 405 "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for 406 # a CIDR IP address block, the specified IP address portion must be properly 407 # truncated (i.e. all the host bits must be zero) or the input is considered 408 # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is 409 # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas 410 # "2001:db8::1/32" is not. The originating IP of a request must be in one of 411 # the listed subnets in order for this Condition to be true. If empty, all IP 412 # addresses are allowed. 413 "A String", 414 ], 415 "regions": [ # The request must originate from one of the provided countries/regions. 416 # Must be valid ISO 3166-1 alpha-2 codes. 417 "A String", 418 ], 419 "members": [ # The request must be made by one of the provided user or service 420 # accounts. Groups are not supported. 421 # Syntax: 422 # `user:{emailid}` 423 # `serviceAccount:{emailid}` 424 # If not specified, a request may come from any user. 425 "A String", 426 ], 427 "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over 428 # its non-empty fields, each field must be false for the Condition overall to 429 # be satisfied. Defaults to false. 430 }, 431 ], 432 }, 433 "createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC. 434 "name": "A String", # Required. Resource name for the Access Level. The `short_name` component 435 # must begin with a letter and only include alphanumeric and '_'. Format: 436 # `accessPolicies/{policy_id}/accessLevels/{short_name}` 437 }</pre> 438</div> 439 440<div class="method"> 441 <code class="details" id="list">list(parent, accessLevelFormat=None, pageSize=None, pageToken=None, x__xgafv=None)</code> 442 <pre>List all Access Levels for an access 443policy. 444 445Args: 446 parent: string, Required. Resource name for the access policy to list Access Levels from. 447 448Format: 449`accessPolicies/{policy_id}` (required) 450 accessLevelFormat: string, Whether to return `BasicLevels` in the Cloud Common Expression language, as 451`CustomLevels`, rather than as `BasicLevels`. Defaults to returning 452`AccessLevels` in the format they were defined. 453 pageSize: integer, Number of Access Levels to include in 454the list. Default 100. 455 pageToken: string, Next page token for the next batch of Access Level instances. 456Defaults to the first page of results. 457 x__xgafv: string, V1 error format. 458 Allowed values 459 1 - v1 error format 460 2 - v2 error format 461 462Returns: 463 An object of the form: 464 465 { # A response to `ListAccessLevelsRequest`. 466 "nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is 467 # empty, no further results remain. 468 "accessLevels": [ # List of the Access Level instances. 469 { # An `AccessLevel` is a label that can be applied to requests to GCP services, 470 # along with a list of requirements necessary for the label to be applied. 471 "updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC. 472 "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. 473 "title": "A String", # Human readable title. Must be unique within the Policy. 474 "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. 475 "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is 476 # granted this `AccessLevel`. If AND is used, each `Condition` in 477 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR 478 # is used, at least one `Condition` in `conditions` must be satisfied for the 479 # `AccessLevel` to be applied. Default behavior is AND. 480 "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. 481 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an 482 # AND over its fields. So a Condition is true if: 1) the request IP is from one 483 # of the listed subnetworks AND 2) the originating device complies with the 484 # listed device policy AND 3) all listed access levels are granted AND 4) the 485 # request was sent at a time allowed by the DateTimeRestriction. 486 "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by 487 # resource name. Referencing an `AccessLevel` which does not exist is an 488 # error. All access levels listed must be granted for the Condition 489 # to be true. Example: 490 # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` 491 "A String", 492 ], 493 "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the 494 # Condition to be true. If not specified, all devices are allowed. 495 # given access level. A `DevicePolicy` specifies requirements for requests from 496 # devices to be granted access levels, it does not do any enforcement on the 497 # device. `DevicePolicy` acts as an AND over all specified fields, and each 498 # repeated field is an OR over its elements. Any unset fields are ignored. For 499 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : 500 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be 501 # true for requests originating from encrypted Linux desktops and encrypted 502 # Windows desktops. 503 "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. 504 "A String", 505 ], 506 "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. 507 { # A restriction on the OS type and version of devices making requests. 508 "osType": "A String", # Required. The allowed OS type. 509 "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. 510 # Verifications includes requirements that the device is enterprise-managed, 511 # conformant to Dasher domain policies, and the caller has permission to call 512 # the API targeted by the request. 513 "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS 514 # satisfies the constraint. Format: `"major.minor.patch"`. 515 # Examples: `"10.5.301"`, `"9.2.1"`. 516 }, 517 ], 518 "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. 519 "requireCorpOwned": True or False, # Whether the device needs to be corp owned. 520 "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management 521 # levels. 522 "A String", 523 ], 524 "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. 525 # Defaults to `false`. 526 }, 527 "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for 528 # a CIDR IP address block, the specified IP address portion must be properly 529 # truncated (i.e. all the host bits must be zero) or the input is considered 530 # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is 531 # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas 532 # "2001:db8::1/32" is not. The originating IP of a request must be in one of 533 # the listed subnets in order for this Condition to be true. If empty, all IP 534 # addresses are allowed. 535 "A String", 536 ], 537 "regions": [ # The request must originate from one of the provided countries/regions. 538 # Must be valid ISO 3166-1 alpha-2 codes. 539 "A String", 540 ], 541 "members": [ # The request must be made by one of the provided user or service 542 # accounts. Groups are not supported. 543 # Syntax: 544 # `user:{emailid}` 545 # `serviceAccount:{emailid}` 546 # If not specified, a request may come from any user. 547 "A String", 548 ], 549 "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over 550 # its non-empty fields, each field must be false for the Condition overall to 551 # be satisfied. Defaults to false. 552 }, 553 ], 554 }, 555 "createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC. 556 "name": "A String", # Required. Resource name for the Access Level. The `short_name` component 557 # must begin with a letter and only include alphanumeric and '_'. Format: 558 # `accessPolicies/{policy_id}/accessLevels/{short_name}` 559 }, 560 ], 561 }</pre> 562</div> 563 564<div class="method"> 565 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 566 <pre>Retrieves the next page of results. 567 568Args: 569 previous_request: The request for the previous page. (required) 570 previous_response: The response from the request for the previous page. (required) 571 572Returns: 573 A request object that you can call 'execute()' on to request the next 574 page. Returns None if there are no more items in the collection. 575 </pre> 576</div> 577 578<div class="method"> 579 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code> 580 <pre>Update an Access Level. The longrunning 581operation from this RPC will have a successful status once the changes to 582the Access Level have propagated 583to long-lasting storage. Access Levels containing 584errors will result in an error response for the first error encountered. 585 586Args: 587 name: string, Required. Resource name for the Access Level. The `short_name` component 588must begin with a letter and only include alphanumeric and '_'. Format: 589`accessPolicies/{policy_id}/accessLevels/{short_name}` (required) 590 body: object, The request body. (required) 591 The object takes the form of: 592 593{ # An `AccessLevel` is a label that can be applied to requests to GCP services, 594 # along with a list of requirements necessary for the label to be applied. 595 "updateTime": "A String", # Output only. Time the `AccessLevel` was updated in UTC. 596 "description": "A String", # Description of the `AccessLevel` and its use. Does not affect behavior. 597 "title": "A String", # Human readable title. Must be unique within the Policy. 598 "basic": { # `BasicLevel` is an `AccessLevel` using a set of recommended features. # A `BasicLevel` composed of `Conditions`. 599 "combiningFunction": "A String", # How the `conditions` list should be combined to determine if a request is 600 # granted this `AccessLevel`. If AND is used, each `Condition` in 601 # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR 602 # is used, at least one `Condition` in `conditions` must be satisfied for the 603 # `AccessLevel` to be applied. Default behavior is AND. 604 "conditions": [ # Required. A list of requirements for the `AccessLevel` to be granted. 605 { # A condition necessary for an `AccessLevel` to be granted. The Condition is an 606 # AND over its fields. So a Condition is true if: 1) the request IP is from one 607 # of the listed subnetworks AND 2) the originating device complies with the 608 # listed device policy AND 3) all listed access levels are granted AND 4) the 609 # request was sent at a time allowed by the DateTimeRestriction. 610 "requiredAccessLevels": [ # A list of other access levels defined in the same `Policy`, referenced by 611 # resource name. Referencing an `AccessLevel` which does not exist is an 612 # error. All access levels listed must be granted for the Condition 613 # to be true. Example: 614 # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"` 615 "A String", 616 ], 617 "devicePolicy": { # `DevicePolicy` specifies device specific restrictions necessary to acquire a # Device specific restrictions, all restrictions must hold for the 618 # Condition to be true. If not specified, all devices are allowed. 619 # given access level. A `DevicePolicy` specifies requirements for requests from 620 # devices to be granted access levels, it does not do any enforcement on the 621 # device. `DevicePolicy` acts as an AND over all specified fields, and each 622 # repeated field is an OR over its elements. Any unset fields are ignored. For 623 # example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : 624 # DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be 625 # true for requests originating from encrypted Linux desktops and encrypted 626 # Windows desktops. 627 "allowedEncryptionStatuses": [ # Allowed encryptions statuses, an empty list allows all statuses. 628 "A String", 629 ], 630 "osConstraints": [ # Allowed OS versions, an empty list allows all types and all versions. 631 { # A restriction on the OS type and version of devices making requests. 632 "osType": "A String", # Required. The allowed OS type. 633 "requireVerifiedChromeOs": True or False, # Only allows requests from devices with a verified Chrome OS. 634 # Verifications includes requirements that the device is enterprise-managed, 635 # conformant to Dasher domain policies, and the caller has permission to call 636 # the API targeted by the request. 637 "minimumVersion": "A String", # The minimum allowed OS version. If not set, any version of this OS 638 # satisfies the constraint. Format: `"major.minor.patch"`. 639 # Examples: `"10.5.301"`, `"9.2.1"`. 640 }, 641 ], 642 "requireAdminApproval": True or False, # Whether the device needs to be approved by the customer admin. 643 "requireCorpOwned": True or False, # Whether the device needs to be corp owned. 644 "allowedDeviceManagementLevels": [ # Allowed device management levels, an empty list allows all management 645 # levels. 646 "A String", 647 ], 648 "requireScreenlock": True or False, # Whether or not screenlock is required for the DevicePolicy to be true. 649 # Defaults to `false`. 650 }, 651 "ipSubnetworks": [ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for 652 # a CIDR IP address block, the specified IP address portion must be properly 653 # truncated (i.e. all the host bits must be zero) or the input is considered 654 # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is 655 # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas 656 # "2001:db8::1/32" is not. The originating IP of a request must be in one of 657 # the listed subnets in order for this Condition to be true. If empty, all IP 658 # addresses are allowed. 659 "A String", 660 ], 661 "regions": [ # The request must originate from one of the provided countries/regions. 662 # Must be valid ISO 3166-1 alpha-2 codes. 663 "A String", 664 ], 665 "members": [ # The request must be made by one of the provided user or service 666 # accounts. Groups are not supported. 667 # Syntax: 668 # `user:{emailid}` 669 # `serviceAccount:{emailid}` 670 # If not specified, a request may come from any user. 671 "A String", 672 ], 673 "negate": True or False, # Whether to negate the Condition. If true, the Condition becomes a NAND over 674 # its non-empty fields, each field must be false for the Condition overall to 675 # be satisfied. Defaults to false. 676 }, 677 ], 678 }, 679 "createTime": "A String", # Output only. Time the `AccessLevel` was created in UTC. 680 "name": "A String", # Required. Resource name for the Access Level. The `short_name` component 681 # must begin with a letter and only include alphanumeric and '_'. Format: 682 # `accessPolicies/{policy_id}/accessLevels/{short_name}` 683 } 684 685 updateMask: string, Required. Mask to control which fields get updated. Must be non-empty. 686 x__xgafv: string, V1 error format. 687 Allowed values 688 1 - v1 error format 689 2 - v2 error format 690 691Returns: 692 An object of the form: 693 694 { # This resource represents a long-running operation that is the result of a 695 # network API call. 696 "metadata": { # Service-specific metadata associated with the operation. It typically 697 # contains progress information and common metadata such as create time. 698 # Some services might not provide such metadata. Any method that returns a 699 # long-running operation should document the metadata type, if any. 700 "a_key": "", # Properties of the object. Contains field @type with type URL. 701 }, 702 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 703 # different programming environments, including REST APIs and RPC APIs. It is 704 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 705 # three pieces of data: error code, error message, and error details. 706 # 707 # You can find out more about this error model and how to work with it in the 708 # [API Design Guide](https://cloud.google.com/apis/design/errors). 709 "message": "A String", # A developer-facing error message, which should be in English. Any 710 # user-facing error message should be localized and sent in the 711 # google.rpc.Status.details field, or localized by the client. 712 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 713 "details": [ # A list of messages that carry the error details. There is a common set of 714 # message types for APIs to use. 715 { 716 "a_key": "", # Properties of the object. Contains field @type with type URL. 717 }, 718 ], 719 }, 720 "done": True or False, # If the value is `false`, it means the operation is still in progress. 721 # If `true`, the operation is completed, and either `error` or `response` is 722 # available. 723 "response": { # The normal response of the operation in case of success. If the original 724 # method returns no data on success, such as `Delete`, the response is 725 # `google.protobuf.Empty`. If the original method is standard 726 # `Get`/`Create`/`Update`, the response should be the resource. For other 727 # methods, the response should have the type `XxxResponse`, where `Xxx` 728 # is the original method name. For example, if the original method name 729 # is `TakeSnapshot()`, the inferred response type is 730 # `TakeSnapshotResponse`. 731 "a_key": "", # Properties of the object. Contains field @type with type URL. 732 }, 733 "name": "A String", # The server-assigned name, which is only unique within the same service that 734 # originally returns it. If you use the default HTTP mapping, the 735 # `name` should be a resource name ending with `operations/{unique_id}`. 736 }</pre> 737</div> 738 739</body></html>