1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="cloudkms_v1.html">Cloud Key Management Service (KMS) API</a> . <a href="cloudkms_v1.projects.html">projects</a> . <a href="cloudkms_v1.projects.locations.html">locations</a> . <a href="cloudkms_v1.projects.locations.keyRings.html">keyRings</a> . <a href="cloudkms_v1.projects.locations.keyRings.importJobs.html">importJobs</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p> 79<p class="firstline">Gets the access control policy for a resource.</p> 80<p class="toc_element"> 81 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 82<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p> 83<p class="toc_element"> 84 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 85<p class="firstline">Returns permissions that a caller has on the specified resource.</p> 86<h3>Method Details</h3> 87<div class="method"> 88 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code> 89 <pre>Gets the access control policy for a resource. 90Returns an empty policy if the resource exists and does not have a policy 91set. 92 93Args: 94 resource: string, REQUIRED: The resource for which the policy is being requested. 95See the operation documentation for the appropriate value for this field. (required) 96 x__xgafv: string, V1 error format. 97 Allowed values 98 1 - v1 error format 99 2 - v2 error format 100 101Returns: 102 An object of the form: 103 104 { # Defines an Identity and Access Management (IAM) policy. It is used to 105 # specify access control policies for Cloud Platform resources. 106 # 107 # 108 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 109 # `members` to a `role`, where the members can be user accounts, Google groups, 110 # Google domains, and service accounts. A `role` is a named list of permissions 111 # defined by IAM. 112 # 113 # **JSON Example** 114 # 115 # { 116 # "bindings": [ 117 # { 118 # "role": "roles/owner", 119 # "members": [ 120 # "user:mike@example.com", 121 # "group:admins@example.com", 122 # "domain:google.com", 123 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 124 # ] 125 # }, 126 # { 127 # "role": "roles/viewer", 128 # "members": ["user:sean@example.com"] 129 # } 130 # ] 131 # } 132 # 133 # **YAML Example** 134 # 135 # bindings: 136 # - members: 137 # - user:mike@example.com 138 # - group:admins@example.com 139 # - domain:google.com 140 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 141 # role: roles/owner 142 # - members: 143 # - user:sean@example.com 144 # role: roles/viewer 145 # 146 # 147 # For a description of IAM and its features, see the 148 # [IAM developer's guide](https://cloud.google.com/iam/docs). 149 "bindings": [ # Associates a list of `members` to a `role`. 150 # `bindings` with no members will result in an error. 151 { # Associates `members` with a `role`. 152 "role": "A String", # Role that is assigned to `members`. 153 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 154 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 155 # `members` can have the following values: 156 # 157 # * `allUsers`: A special identifier that represents anyone who is 158 # on the internet; with or without a Google account. 159 # 160 # * `allAuthenticatedUsers`: A special identifier that represents anyone 161 # who is authenticated with a Google account or a service account. 162 # 163 # * `user:{emailid}`: An email address that represents a specific Google 164 # account. For example, `alice@gmail.com` . 165 # 166 # 167 # * `serviceAccount:{emailid}`: An email address that represents a service 168 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 169 # 170 # * `group:{emailid}`: An email address that represents a Google group. 171 # For example, `admins@example.com`. 172 # 173 # 174 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 175 # users of that domain. For example, `google.com` or `example.com`. 176 # 177 "A String", 178 ], 179 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 180 # NOTE: An unsatisfied condition will not allow user access via current 181 # binding. Different bindings, including their conditions, are examined 182 # independently. 183 # 184 # title: "User account presence" 185 # description: "Determines whether the request has a user account" 186 # expression: "size(request.user) > 0" 187 "description": "A String", # An optional description of the expression. This is a longer text which 188 # describes the expression, e.g. when hovered over it in a UI. 189 "expression": "A String", # Textual representation of an expression in 190 # Common Expression Language syntax. 191 # 192 # The application context of the containing message determines which 193 # well-known feature set of CEL is supported. 194 "location": "A String", # An optional string indicating the location of the expression for error 195 # reporting, e.g. a file name and a position in the file. 196 "title": "A String", # An optional title for the expression, i.e. a short string describing 197 # its purpose. This can be used e.g. in UIs which allow to enter the 198 # expression. 199 }, 200 }, 201 ], 202 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 203 # prevent simultaneous updates of a policy from overwriting each other. 204 # It is strongly suggested that systems make use of the `etag` in the 205 # read-modify-write cycle to perform policy updates in order to avoid race 206 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 207 # systems are expected to put that etag in the request to `setIamPolicy` to 208 # ensure that their change will be applied to the same version of the policy. 209 # 210 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 211 # policy is overwritten blindly. 212 "version": 42, # Deprecated. 213 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 214 { # Specifies the audit configuration for a service. 215 # The configuration determines which permission types are logged, and what 216 # identities, if any, are exempted from logging. 217 # An AuditConfig must have one or more AuditLogConfigs. 218 # 219 # If there are AuditConfigs for both `allServices` and a specific service, 220 # the union of the two AuditConfigs is used for that service: the log_types 221 # specified in each AuditConfig are enabled, and the exempted_members in each 222 # AuditLogConfig are exempted. 223 # 224 # Example Policy with multiple AuditConfigs: 225 # 226 # { 227 # "audit_configs": [ 228 # { 229 # "service": "allServices" 230 # "audit_log_configs": [ 231 # { 232 # "log_type": "DATA_READ", 233 # "exempted_members": [ 234 # "user:foo@gmail.com" 235 # ] 236 # }, 237 # { 238 # "log_type": "DATA_WRITE", 239 # }, 240 # { 241 # "log_type": "ADMIN_READ", 242 # } 243 # ] 244 # }, 245 # { 246 # "service": "fooservice.googleapis.com" 247 # "audit_log_configs": [ 248 # { 249 # "log_type": "DATA_READ", 250 # }, 251 # { 252 # "log_type": "DATA_WRITE", 253 # "exempted_members": [ 254 # "user:bar@gmail.com" 255 # ] 256 # } 257 # ] 258 # } 259 # ] 260 # } 261 # 262 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 263 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 264 # bar@gmail.com from DATA_WRITE logging. 265 "auditLogConfigs": [ # The configuration for logging of each type of permission. 266 { # Provides the configuration for logging a type of permissions. 267 # Example: 268 # 269 # { 270 # "audit_log_configs": [ 271 # { 272 # "log_type": "DATA_READ", 273 # "exempted_members": [ 274 # "user:foo@gmail.com" 275 # ] 276 # }, 277 # { 278 # "log_type": "DATA_WRITE", 279 # } 280 # ] 281 # } 282 # 283 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 284 # foo@gmail.com from DATA_READ logging. 285 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 286 # permission. 287 # Follows the same format of Binding.members. 288 "A String", 289 ], 290 "logType": "A String", # The log type that this config enables. 291 }, 292 ], 293 "service": "A String", # Specifies a service that will be enabled for audit logging. 294 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 295 # `allServices` is a special value that covers all services. 296 }, 297 ], 298 }</pre> 299</div> 300 301<div class="method"> 302 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 303 <pre>Sets the access control policy on the specified resource. Replaces any 304existing policy. 305 306Args: 307 resource: string, REQUIRED: The resource for which the policy is being specified. 308See the operation documentation for the appropriate value for this field. (required) 309 body: object, The request body. (required) 310 The object takes the form of: 311 312{ # Request message for `SetIamPolicy` method. 313 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 314 # the policy is limited to a few 10s of KB. An empty policy is a 315 # valid policy but certain Cloud Platform services (such as Projects) 316 # might reject them. 317 # specify access control policies for Cloud Platform resources. 318 # 319 # 320 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 321 # `members` to a `role`, where the members can be user accounts, Google groups, 322 # Google domains, and service accounts. A `role` is a named list of permissions 323 # defined by IAM. 324 # 325 # **JSON Example** 326 # 327 # { 328 # "bindings": [ 329 # { 330 # "role": "roles/owner", 331 # "members": [ 332 # "user:mike@example.com", 333 # "group:admins@example.com", 334 # "domain:google.com", 335 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 336 # ] 337 # }, 338 # { 339 # "role": "roles/viewer", 340 # "members": ["user:sean@example.com"] 341 # } 342 # ] 343 # } 344 # 345 # **YAML Example** 346 # 347 # bindings: 348 # - members: 349 # - user:mike@example.com 350 # - group:admins@example.com 351 # - domain:google.com 352 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 353 # role: roles/owner 354 # - members: 355 # - user:sean@example.com 356 # role: roles/viewer 357 # 358 # 359 # For a description of IAM and its features, see the 360 # [IAM developer's guide](https://cloud.google.com/iam/docs). 361 "bindings": [ # Associates a list of `members` to a `role`. 362 # `bindings` with no members will result in an error. 363 { # Associates `members` with a `role`. 364 "role": "A String", # Role that is assigned to `members`. 365 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 366 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 367 # `members` can have the following values: 368 # 369 # * `allUsers`: A special identifier that represents anyone who is 370 # on the internet; with or without a Google account. 371 # 372 # * `allAuthenticatedUsers`: A special identifier that represents anyone 373 # who is authenticated with a Google account or a service account. 374 # 375 # * `user:{emailid}`: An email address that represents a specific Google 376 # account. For example, `alice@gmail.com` . 377 # 378 # 379 # * `serviceAccount:{emailid}`: An email address that represents a service 380 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 381 # 382 # * `group:{emailid}`: An email address that represents a Google group. 383 # For example, `admins@example.com`. 384 # 385 # 386 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 387 # users of that domain. For example, `google.com` or `example.com`. 388 # 389 "A String", 390 ], 391 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 392 # NOTE: An unsatisfied condition will not allow user access via current 393 # binding. Different bindings, including their conditions, are examined 394 # independently. 395 # 396 # title: "User account presence" 397 # description: "Determines whether the request has a user account" 398 # expression: "size(request.user) > 0" 399 "description": "A String", # An optional description of the expression. This is a longer text which 400 # describes the expression, e.g. when hovered over it in a UI. 401 "expression": "A String", # Textual representation of an expression in 402 # Common Expression Language syntax. 403 # 404 # The application context of the containing message determines which 405 # well-known feature set of CEL is supported. 406 "location": "A String", # An optional string indicating the location of the expression for error 407 # reporting, e.g. a file name and a position in the file. 408 "title": "A String", # An optional title for the expression, i.e. a short string describing 409 # its purpose. This can be used e.g. in UIs which allow to enter the 410 # expression. 411 }, 412 }, 413 ], 414 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 415 # prevent simultaneous updates of a policy from overwriting each other. 416 # It is strongly suggested that systems make use of the `etag` in the 417 # read-modify-write cycle to perform policy updates in order to avoid race 418 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 419 # systems are expected to put that etag in the request to `setIamPolicy` to 420 # ensure that their change will be applied to the same version of the policy. 421 # 422 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 423 # policy is overwritten blindly. 424 "version": 42, # Deprecated. 425 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 426 { # Specifies the audit configuration for a service. 427 # The configuration determines which permission types are logged, and what 428 # identities, if any, are exempted from logging. 429 # An AuditConfig must have one or more AuditLogConfigs. 430 # 431 # If there are AuditConfigs for both `allServices` and a specific service, 432 # the union of the two AuditConfigs is used for that service: the log_types 433 # specified in each AuditConfig are enabled, and the exempted_members in each 434 # AuditLogConfig are exempted. 435 # 436 # Example Policy with multiple AuditConfigs: 437 # 438 # { 439 # "audit_configs": [ 440 # { 441 # "service": "allServices" 442 # "audit_log_configs": [ 443 # { 444 # "log_type": "DATA_READ", 445 # "exempted_members": [ 446 # "user:foo@gmail.com" 447 # ] 448 # }, 449 # { 450 # "log_type": "DATA_WRITE", 451 # }, 452 # { 453 # "log_type": "ADMIN_READ", 454 # } 455 # ] 456 # }, 457 # { 458 # "service": "fooservice.googleapis.com" 459 # "audit_log_configs": [ 460 # { 461 # "log_type": "DATA_READ", 462 # }, 463 # { 464 # "log_type": "DATA_WRITE", 465 # "exempted_members": [ 466 # "user:bar@gmail.com" 467 # ] 468 # } 469 # ] 470 # } 471 # ] 472 # } 473 # 474 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 475 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 476 # bar@gmail.com from DATA_WRITE logging. 477 "auditLogConfigs": [ # The configuration for logging of each type of permission. 478 { # Provides the configuration for logging a type of permissions. 479 # Example: 480 # 481 # { 482 # "audit_log_configs": [ 483 # { 484 # "log_type": "DATA_READ", 485 # "exempted_members": [ 486 # "user:foo@gmail.com" 487 # ] 488 # }, 489 # { 490 # "log_type": "DATA_WRITE", 491 # } 492 # ] 493 # } 494 # 495 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 496 # foo@gmail.com from DATA_READ logging. 497 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 498 # permission. 499 # Follows the same format of Binding.members. 500 "A String", 501 ], 502 "logType": "A String", # The log type that this config enables. 503 }, 504 ], 505 "service": "A String", # Specifies a service that will be enabled for audit logging. 506 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 507 # `allServices` is a special value that covers all services. 508 }, 509 ], 510 }, 511 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 512 # the fields in the mask will be modified. If no mask is provided, the 513 # following default mask is used: 514 # paths: "bindings, etag" 515 # This field is only used by Cloud IAM. 516 } 517 518 x__xgafv: string, V1 error format. 519 Allowed values 520 1 - v1 error format 521 2 - v2 error format 522 523Returns: 524 An object of the form: 525 526 { # Defines an Identity and Access Management (IAM) policy. It is used to 527 # specify access control policies for Cloud Platform resources. 528 # 529 # 530 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 531 # `members` to a `role`, where the members can be user accounts, Google groups, 532 # Google domains, and service accounts. A `role` is a named list of permissions 533 # defined by IAM. 534 # 535 # **JSON Example** 536 # 537 # { 538 # "bindings": [ 539 # { 540 # "role": "roles/owner", 541 # "members": [ 542 # "user:mike@example.com", 543 # "group:admins@example.com", 544 # "domain:google.com", 545 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 546 # ] 547 # }, 548 # { 549 # "role": "roles/viewer", 550 # "members": ["user:sean@example.com"] 551 # } 552 # ] 553 # } 554 # 555 # **YAML Example** 556 # 557 # bindings: 558 # - members: 559 # - user:mike@example.com 560 # - group:admins@example.com 561 # - domain:google.com 562 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 563 # role: roles/owner 564 # - members: 565 # - user:sean@example.com 566 # role: roles/viewer 567 # 568 # 569 # For a description of IAM and its features, see the 570 # [IAM developer's guide](https://cloud.google.com/iam/docs). 571 "bindings": [ # Associates a list of `members` to a `role`. 572 # `bindings` with no members will result in an error. 573 { # Associates `members` with a `role`. 574 "role": "A String", # Role that is assigned to `members`. 575 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 576 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 577 # `members` can have the following values: 578 # 579 # * `allUsers`: A special identifier that represents anyone who is 580 # on the internet; with or without a Google account. 581 # 582 # * `allAuthenticatedUsers`: A special identifier that represents anyone 583 # who is authenticated with a Google account or a service account. 584 # 585 # * `user:{emailid}`: An email address that represents a specific Google 586 # account. For example, `alice@gmail.com` . 587 # 588 # 589 # * `serviceAccount:{emailid}`: An email address that represents a service 590 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 591 # 592 # * `group:{emailid}`: An email address that represents a Google group. 593 # For example, `admins@example.com`. 594 # 595 # 596 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 597 # users of that domain. For example, `google.com` or `example.com`. 598 # 599 "A String", 600 ], 601 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 602 # NOTE: An unsatisfied condition will not allow user access via current 603 # binding. Different bindings, including their conditions, are examined 604 # independently. 605 # 606 # title: "User account presence" 607 # description: "Determines whether the request has a user account" 608 # expression: "size(request.user) > 0" 609 "description": "A String", # An optional description of the expression. This is a longer text which 610 # describes the expression, e.g. when hovered over it in a UI. 611 "expression": "A String", # Textual representation of an expression in 612 # Common Expression Language syntax. 613 # 614 # The application context of the containing message determines which 615 # well-known feature set of CEL is supported. 616 "location": "A String", # An optional string indicating the location of the expression for error 617 # reporting, e.g. a file name and a position in the file. 618 "title": "A String", # An optional title for the expression, i.e. a short string describing 619 # its purpose. This can be used e.g. in UIs which allow to enter the 620 # expression. 621 }, 622 }, 623 ], 624 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 625 # prevent simultaneous updates of a policy from overwriting each other. 626 # It is strongly suggested that systems make use of the `etag` in the 627 # read-modify-write cycle to perform policy updates in order to avoid race 628 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 629 # systems are expected to put that etag in the request to `setIamPolicy` to 630 # ensure that their change will be applied to the same version of the policy. 631 # 632 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 633 # policy is overwritten blindly. 634 "version": 42, # Deprecated. 635 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 636 { # Specifies the audit configuration for a service. 637 # The configuration determines which permission types are logged, and what 638 # identities, if any, are exempted from logging. 639 # An AuditConfig must have one or more AuditLogConfigs. 640 # 641 # If there are AuditConfigs for both `allServices` and a specific service, 642 # the union of the two AuditConfigs is used for that service: the log_types 643 # specified in each AuditConfig are enabled, and the exempted_members in each 644 # AuditLogConfig are exempted. 645 # 646 # Example Policy with multiple AuditConfigs: 647 # 648 # { 649 # "audit_configs": [ 650 # { 651 # "service": "allServices" 652 # "audit_log_configs": [ 653 # { 654 # "log_type": "DATA_READ", 655 # "exempted_members": [ 656 # "user:foo@gmail.com" 657 # ] 658 # }, 659 # { 660 # "log_type": "DATA_WRITE", 661 # }, 662 # { 663 # "log_type": "ADMIN_READ", 664 # } 665 # ] 666 # }, 667 # { 668 # "service": "fooservice.googleapis.com" 669 # "audit_log_configs": [ 670 # { 671 # "log_type": "DATA_READ", 672 # }, 673 # { 674 # "log_type": "DATA_WRITE", 675 # "exempted_members": [ 676 # "user:bar@gmail.com" 677 # ] 678 # } 679 # ] 680 # } 681 # ] 682 # } 683 # 684 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 685 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 686 # bar@gmail.com from DATA_WRITE logging. 687 "auditLogConfigs": [ # The configuration for logging of each type of permission. 688 { # Provides the configuration for logging a type of permissions. 689 # Example: 690 # 691 # { 692 # "audit_log_configs": [ 693 # { 694 # "log_type": "DATA_READ", 695 # "exempted_members": [ 696 # "user:foo@gmail.com" 697 # ] 698 # }, 699 # { 700 # "log_type": "DATA_WRITE", 701 # } 702 # ] 703 # } 704 # 705 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 706 # foo@gmail.com from DATA_READ logging. 707 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 708 # permission. 709 # Follows the same format of Binding.members. 710 "A String", 711 ], 712 "logType": "A String", # The log type that this config enables. 713 }, 714 ], 715 "service": "A String", # Specifies a service that will be enabled for audit logging. 716 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 717 # `allServices` is a special value that covers all services. 718 }, 719 ], 720 }</pre> 721</div> 722 723<div class="method"> 724 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 725 <pre>Returns permissions that a caller has on the specified resource. 726If the resource does not exist, this will return an empty set of 727permissions, not a NOT_FOUND error. 728 729Note: This operation is designed to be used for building permission-aware 730UIs and command-line tools, not for authorization checking. This operation 731may "fail open" without warning. 732 733Args: 734 resource: string, REQUIRED: The resource for which the policy detail is being requested. 735See the operation documentation for the appropriate value for this field. (required) 736 body: object, The request body. (required) 737 The object takes the form of: 738 739{ # Request message for `TestIamPermissions` method. 740 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 741 # wildcards (such as '*' or 'storage.*') are not allowed. For more 742 # information see 743 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 744 "A String", 745 ], 746 } 747 748 x__xgafv: string, V1 error format. 749 Allowed values 750 1 - v1 error format 751 2 - v2 error format 752 753Returns: 754 An object of the form: 755 756 { # Response message for `TestIamPermissions` method. 757 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 758 # allowed. 759 "A String", 760 ], 761 }</pre> 762</div> 763 764</body></html>