<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="cloudkms_v1.html">Cloud Key Management Service (KMS) API</a> . <a href="cloudkms_v1.projects.html">projects</a> . <a href="cloudkms_v1.projects.locations.html">locations</a> . <a href="cloudkms_v1.projects.locations.keyRings.html">keyRings</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.html">cryptoKeys()</a></code>
</p>
<p class="firstline">Returns the cryptoKeys Resource.</p>

<p class="toc_element">
  <code><a href="cloudkms_v1.projects.locations.keyRings.importJobs.html">importJobs()</a></code>
</p>
<p class="firstline">Returns the importJobs Resource.</p>

<p class="toc_element">
  <code><a href="#create">create(parent, body, keyRingId=None, x__xgafv=None)</a></code></p>
<p class="firstline">Create a new KeyRing in a given Project and Location.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Returns metadata for a given KeyRing.</p>
<p class="toc_element">
  <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a resource.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
<p class="firstline">Lists KeyRings.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
<p class="toc_element">
  <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="create">create(parent, body, keyRingId=None, x__xgafv=None)</code>
  <pre>Create a new KeyRing in a given Project and Location.

Args:
  parent: string, Required. The resource name of the location associated with the
KeyRings, in the format `projects/*/locations/*`. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # A KeyRing is a toplevel logical grouping of CryptoKeys.
    "createTime": "A String", # Output only. The time at which this KeyRing was created.
    "name": "A String", # Output only. The resource name for the KeyRing in the format
        # `projects/*/locations/*/keyRings/*`.
  }

  keyRingId: string, Required. It must be unique within a location and match the regular
expression `[a-zA-Z0-9_-]{1,63}`
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A KeyRing is a toplevel logical grouping of CryptoKeys.
      "createTime": "A String", # Output only. The time at which this KeyRing was created.
      "name": "A String", # Output only. The resource name for the KeyRing in the format
          # `projects/*/locations/*/keyRings/*`.
    }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Returns metadata for a given KeyRing.

Args:
  name: string, The name of the KeyRing to get. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A KeyRing is a toplevel logical grouping of CryptoKeys.
      "createTime": "A String", # Output only. The time at which this KeyRing was created.
      "name": "A String", # Output only. The resource name for the KeyRing in the format
          # `projects/*/locations/*/keyRings/*`.
    }</pre>
</div>

<div class="method">
    <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
  <pre>Gets the access control policy for a resource.
Returns an empty policy if the resource exists and does not have a policy
set.

Args:
  resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` .
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
          },
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #             },
            #             {
            #               "log_type": "ADMIN_READ",
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE",
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format of Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
    }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</code>
  <pre>Lists KeyRings.

Args:
  parent: string, Required. The resource name of the location associated with the
KeyRings, in the format `projects/*/locations/*`. (required)
  pageToken: string, Optional pagination token, returned earlier via
ListKeyRingsResponse.next_page_token.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  pageSize: integer, Optional limit on the number of KeyRings to include in the
response. Further KeyRings can subsequently be obtained by
including the ListKeyRingsResponse.next_page_token in a subsequent
request. If unspecified, the server will pick an appropriate default.

Returns:
  An object of the form:

    { # Response message for KeyManagementService.ListKeyRings.
      "totalSize": 42, # The total number of KeyRings that matched the query.
      "nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in
          # ListKeyRingsRequest.page_token to retrieve the next page of results.
      "keyRings": [ # The list of KeyRings.
        { # A KeyRing is a toplevel logical grouping of CryptoKeys.
          "createTime": "A String", # Output only. The time at which this KeyRing was created.
          "name": "A String", # Output only. The resource name for the KeyRing in the format
              # `projects/*/locations/*/keyRings/*`.
        },
      ],
    }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
  <pre>Sets the access control policy on the specified resource. Replaces any
existing policy.

Args:
  resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `SetIamPolicy` method.
    "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
        # the policy is limited to a few 10s of KB. An empty policy is a
        # valid policy but certain Cloud Platform services (such as Projects)
        # might reject them.
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` .
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
          },
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #             },
            #             {
            #               "log_type": "ADMIN_READ",
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE",
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format of Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
    },
    "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
        # the fields in the mask will be modified. If no mask is provided, the
        # following default mask is used:
        # paths: "bindings, etag"
        # This field is only used by Cloud IAM.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` .
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
          },
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #             },
            #             {
            #               "log_type": "ADMIN_READ",
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE",
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format of Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
    }</pre>
</div>

<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
  <pre>Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware
UIs and command-line tools, not for authorization checking. This operation
may "fail open" without warning.

Args:
  resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `TestIamPermissions` method.
    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
        # wildcards (such as '*' or 'storage.*') are not allowed. For more
        # information see
        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for `TestIamPermissions` method.
      "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
          # allowed.
        "A String",
      ],
    }</pre>
</div>

</body></html>
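The `etag` read-modify-write cycle that the `getIamPolicy` and `setIamPolicy` entries above recommend, as an added example that is not part of the generated reference or of the client library. `FakeKeyRings`, `StaleEtag`, `add_member`, `grant` and the `is_conflict` predicate are hypothetical names; the in-memory stub stands in for the `keyRings()` resource so the code runs offline, and its etag values and resource name are constructed.

```python
import copy

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}  # "anyone" members listed on this page


class StaleEtag(Exception):
    """Constructed stand-in for the service rejecting an outdated etag."""


class _Call:
    def __init__(self, fn):
        self._fn = fn

    def execute(self):
        return self._fn()


class FakeKeyRings:
    """Hypothetical in-memory stand-in for keyRings(), so the example runs offline.
    Only the call shape follows the page; etag values and StaleEtag are constructed."""

    def __init__(self, policy):
        self._rev = 1
        self._policy = dict(copy.deepcopy(policy), etag="v1")
        self.before_next_set = None  # hook that simulates a concurrent writer

    def getIamPolicy(self, resource):
        return _Call(lambda: copy.deepcopy(self._policy))

    def setIamPolicy(self, resource, body):
        def run():
            if self.before_next_set:
                hook, self.before_next_set = self.before_next_set, None
                hook()
            sent = body["policy"]
            # A request without an etag overwrites blindly, as the page warns.
            if "etag" in sent and sent["etag"] != self._policy["etag"]:
                raise StaleEtag(resource)
            self._rev += 1
            self._policy = dict(copy.deepcopy(sent), etag="v%d" % self._rev)
            return copy.deepcopy(self._policy)
        return _Call(run)


def add_member(policy, role, member):
    """Return a copy of policy with member bound to role, keeping its etag."""
    if member in PUBLIC_MEMBERS:
        raise ValueError("refusing to bind %s to %s" % (member, role))
    updated = copy.deepcopy(policy)
    bindings = updated.setdefault("bindings", [])
    for binding in bindings:
        # Conditional bindings are examined independently, so leave them alone.
        if binding.get("role") == role and "condition" not in binding:
            if member not in binding["members"]:
                binding["members"].append(member)
            return updated
    bindings.append({"role": role, "members": [member]})
    return updated


def grant(key_rings, resource, role, member, is_conflict, attempts=3):
    """getIamPolicy -> modify -> setIamPolicy, echoing the etag that was read."""
    for _ in range(attempts):
        current = key_rings.getIamPolicy(resource=resource).execute()
        desired = add_member(current, role, member)  # etag from the read is kept
        try:
            return key_rings.setIamPolicy(
                resource=resource, body={"policy": desired}).execute()
        except Exception as exc:
            # Assumption: the caller supplies the test for "etag no longer matches".
            if not is_conflict(exc):
                raise
    raise RuntimeError("policy on %s kept changing, giving up" % resource)


def demo():
    """A second writer lands between our read and our write; nothing is lost."""
    ring = "projects/example-project/locations/global/keyRings/example-ring"  # constructed
    fake = FakeKeyRings(
        {"bindings": [{"role": "roles/viewer", "members": ["user:sean@example.com"]}]})

    def concurrent_writer():
        theirs = fake.getIamPolicy(resource=ring).execute()
        theirs = add_member(theirs, "roles/owner", "user:mike@example.com")
        fake.setIamPolicy(resource=ring, body={"policy": theirs}).execute()

    fake.before_next_set = concurrent_writer
    return grant(fake, ring, "roles/viewer", "group:admins@example.com",
                 is_conflict=lambda exc: isinstance(exc, StaleEtag))
```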