1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="cloudresourcemanager_v1.html">Cloud Resource Manager API</a> . <a href="cloudresourcemanager_v1.projects.html">projects</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 79<p class="firstline">Clears a `Policy` from a resource.</p> 80<p class="toc_element"> 81 <code><a href="#create">create(body, x__xgafv=None)</a></code></p> 82<p class="firstline">Request that a new Project be created. The result is an Operation which</p> 83<p class="toc_element"> 84 <code><a href="#delete">delete(projectId, x__xgafv=None)</a></code></p> 85<p class="firstline">Marks the Project identified by the specified</p> 86<p class="toc_element"> 87 <code><a href="#get">get(projectId, x__xgafv=None)</a></code></p> 88<p class="firstline">Retrieves the Project identified by the specified</p> 89<p class="toc_element"> 90 <code><a href="#getAncestry">getAncestry(projectId, body=None, x__xgafv=None)</a></code></p> 91<p class="firstline">Gets a list of ancestors in the resource hierarchy for the Project</p> 92<p class="toc_element"> 93 <code><a href="#getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 94<p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging</p> 95<p class="toc_element"> 96 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> 97<p class="firstline">Returns the IAM access control policy for the specified Project.</p> 98<p class="toc_element"> 99 <code><a href="#getOrgPolicy">getOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 100<p class="firstline">Gets a `Policy` on a resource.</p> 101<p class="toc_element"> 102 <code><a href="#list">list(pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p> 103<p class="firstline">Lists Projects that the caller has the `resourcemanager.projects.get`</p> 104<p class="toc_element"> 105 <code><a href="#listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body, x__xgafv=None)</a></code></p> 106<p class="firstline">Lists `Constraints` that could be applied on the specified resource.</p> 107<p class="toc_element"> 108 <code><a href="#listAvailableOrgPolicyConstraints_next">listAvailableOrgPolicyConstraints_next(previous_request, previous_response)</a></code></p> 109<p class="firstline">Retrieves the next page of results.</p> 110<p class="toc_element"> 111 <code><a href="#listOrgPolicies">listOrgPolicies(resource, body, x__xgafv=None)</a></code></p> 112<p class="firstline">Lists all the `Policies` set for a particular resource.</p> 113<p class="toc_element"> 114 <code><a href="#listOrgPolicies_next">listOrgPolicies_next(previous_request, previous_response)</a></code></p> 115<p class="firstline">Retrieves the next page of results.</p> 116<p class="toc_element"> 117 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 118<p class="firstline">Retrieves the next page of results.</p> 119<p class="toc_element"> 120 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 121<p class="firstline">Sets the IAM access control policy for the specified Project. Overwrites</p> 122<p class="toc_element"> 123 <code><a href="#setOrgPolicy">setOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 124<p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p> 125<p class="toc_element"> 126 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 127<p class="firstline">Returns permissions that a caller has on the specified Project.</p> 128<p class="toc_element"> 129 <code><a href="#undelete">undelete(projectId, body=None, x__xgafv=None)</a></code></p> 130<p class="firstline">Restores the Project identified by the specified</p> 131<p class="toc_element"> 132 <code><a href="#update">update(projectId, body, x__xgafv=None)</a></code></p> 133<p class="firstline">Updates the attributes of the Project identified by the specified</p> 134<h3>Method Details</h3> 135<div class="method"> 136 <code class="details" id="clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</code> 137 <pre>Clears a `Policy` from a resource. 138 139Args: 140 resource: string, Name of the resource for the `Policy` to clear. (required) 141 body: object, The request body. (required) 142 The object takes the form of: 143 144{ # The request sent to the ClearOrgPolicy method. 145 "etag": "A String", # The current version, for concurrency control. Not sending an `etag` 146 # will cause the `Policy` to be cleared blindly. 147 "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear. 148 } 149 150 x__xgafv: string, V1 error format. 151 Allowed values 152 1 - v1 error format 153 2 - v2 error format 154 155Returns: 156 An object of the form: 157 158 { # A generic empty message that you can re-use to avoid defining duplicated 159 # empty messages in your APIs. A typical example is to use it as the request 160 # or the response type of an API method. For instance: 161 # 162 # service Foo { 163 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 164 # } 165 # 166 # The JSON representation for `Empty` is empty JSON object `{}`. 167 }</pre> 168</div> 169 170<div class="method"> 171 <code class="details" id="create">create(body, x__xgafv=None)</code> 172 <pre>Request that a new Project be created. The result is an Operation which 173can be used to track the creation process. It is automatically deleted 174after a few hours, so there is no need to call DeleteOperation. 175 176Our SLO permits Project creation to take up to 30 seconds at the 90th 177percentile. As of 2016-08-29, we are observing 6 seconds 50th percentile 178latency. 95th percentile latency is around 11 seconds. We recommend 179polling at the 5th second with an exponential backoff. 180 181Authorization requires the Google IAM permission 182`resourcemanager.projects.create` on the specified parent for the new 183project. The parent is identified by a specified ResourceId, 184which must include both an ID and a type, such as organization. 185 186This method does not associate the new project with a billing account. 187You can set or update the billing account associated with a project using 188the [`projects.updateBillingInfo`] 189(/billing/reference/rest/v1/projects/updateBillingInfo) method. 190 191Args: 192 body: object, The request body. (required) 193 The object takes the form of: 194 195{ # A Project is a high-level Google Cloud Platform entity. It is a 196 # container for ACLs, APIs, App Engine Apps, VMs, and other 197 # Google Cloud Platform resources. 198 "name": "A String", # The optional user-assigned display name of the Project. 199 # When present it must be between 4 to 30 characters. 200 # Allowed characters are: lowercase and uppercase letters, numbers, 201 # hyphen, single-quote, double-quote, space, and exclamation point. 202 # 203 # Example: <code>My Project</code> 204 # Read-write. 205 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 206 # 207 # Supported parent types include "organization" and "folder". Once set, the 208 # parent cannot be cleared. The `parent` can be set on creation or using the 209 # `UpdateProject` method; the end user must have the 210 # `resourcemanager.projects.create` permission on the parent. 211 # 212 # Read-write. 213 # Cloud Platform is a generic term for something you (a developer) may want to 214 # interact with through one of our API's. Some examples are an App Engine app, 215 # a Compute Engine instance, a Cloud SQL database, and so on. 216 "type": "A String", # Required field representing the resource type this id is for. 217 # At present, the valid types are: "organization" and "folder". 218 "id": "A String", # Required field for the type-specific id. This should correspond to the id 219 # used in the type-specific API's. 220 }, 221 "projectId": "A String", # The unique, user-assigned ID of the Project. 222 # It must be 6 to 30 lowercase letters, digits, or hyphens. 223 # It must start with a letter. 224 # Trailing hyphens are prohibited. 225 # 226 # Example: <code>tokyo-rain-123</code> 227 # Read-only after creation. 228 "labels": { # The labels associated with this Project. 229 # 230 # Label keys must be between 1 and 63 characters long and must conform 231 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 232 # 233 # Label values must be between 0 and 63 characters long and must conform 234 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label 235 # value can be empty. 236 # 237 # No more than 256 labels can be associated with a given resource. 238 # 239 # Clients should store labels in a representation such as JSON that does not 240 # depend on specific characters being disallowed. 241 # 242 # Example: <code>"environment" : "dev"</code> 243 # Read-write. 244 "a_key": "A String", 245 }, 246 "createTime": "A String", # Creation time. 247 # 248 # Read-only. 249 "lifecycleState": "A String", # The Project lifecycle state. 250 # 251 # Read-only. 252 "projectNumber": "A String", # The number uniquely identifying the project. 253 # 254 # Example: <code>415104041262</code> 255 # Read-only. 256} 257 258 x__xgafv: string, V1 error format. 259 Allowed values 260 1 - v1 error format 261 2 - v2 error format 262 263Returns: 264 An object of the form: 265 266 { # This resource represents a long-running operation that is the result of a 267 # network API call. 268 "metadata": { # Service-specific metadata associated with the operation. It typically 269 # contains progress information and common metadata such as create time. 270 # Some services might not provide such metadata. Any method that returns a 271 # long-running operation should document the metadata type, if any. 272 "a_key": "", # Properties of the object. Contains field @type with type URL. 273 }, 274 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 275 # different programming environments, including REST APIs and RPC APIs. It is 276 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 277 # three pieces of data: error code, error message, and error details. 278 # 279 # You can find out more about this error model and how to work with it in the 280 # [API Design Guide](https://cloud.google.com/apis/design/errors). 281 "message": "A String", # A developer-facing error message, which should be in English. Any 282 # user-facing error message should be localized and sent in the 283 # google.rpc.Status.details field, or localized by the client. 284 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 285 "details": [ # A list of messages that carry the error details. There is a common set of 286 # message types for APIs to use. 287 { 288 "a_key": "", # Properties of the object. Contains field @type with type URL. 289 }, 290 ], 291 }, 292 "done": True or False, # If the value is `false`, it means the operation is still in progress. 293 # If `true`, the operation is completed, and either `error` or `response` is 294 # available. 295 "response": { # The normal response of the operation in case of success. If the original 296 # method returns no data on success, such as `Delete`, the response is 297 # `google.protobuf.Empty`. If the original method is standard 298 # `Get`/`Create`/`Update`, the response should be the resource. For other 299 # methods, the response should have the type `XxxResponse`, where `Xxx` 300 # is the original method name. For example, if the original method name 301 # is `TakeSnapshot()`, the inferred response type is 302 # `TakeSnapshotResponse`. 303 "a_key": "", # Properties of the object. Contains field @type with type URL. 304 }, 305 "name": "A String", # The server-assigned name, which is only unique within the same service that 306 # originally returns it. If you use the default HTTP mapping, the 307 # `name` should be a resource name ending with `operations/{unique_id}`. 308 }</pre> 309</div> 310 311<div class="method"> 312 <code class="details" id="delete">delete(projectId, x__xgafv=None)</code> 313 <pre>Marks the Project identified by the specified 314`project_id` (for example, `my-project-123`) for deletion. 315This method will only affect the Project if it has a lifecycle state of 316ACTIVE. 317 318This method changes the Project's lifecycle state from 319ACTIVE 320to DELETE_REQUESTED. 321The deletion starts at an unspecified time, 322at which point the Project is no longer accessible. 323 324Until the deletion completes, you can check the lifecycle state 325checked by retrieving the Project with GetProject, 326and the Project remains visible to ListProjects. 327However, you cannot update the project. 328 329After the deletion completes, the Project is not retrievable by 330the GetProject and 331ListProjects methods. 332 333The caller must have modify permissions for this Project. 334 335Args: 336 projectId: string, The Project ID (for example, `foo-bar-123`). 337 338Required. (required) 339 x__xgafv: string, V1 error format. 340 Allowed values 341 1 - v1 error format 342 2 - v2 error format 343 344Returns: 345 An object of the form: 346 347 { # A generic empty message that you can re-use to avoid defining duplicated 348 # empty messages in your APIs. A typical example is to use it as the request 349 # or the response type of an API method. For instance: 350 # 351 # service Foo { 352 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 353 # } 354 # 355 # The JSON representation for `Empty` is empty JSON object `{}`. 356 }</pre> 357</div> 358 359<div class="method"> 360 <code class="details" id="get">get(projectId, x__xgafv=None)</code> 361 <pre>Retrieves the Project identified by the specified 362`project_id` (for example, `my-project-123`). 363 364The caller must have read permissions for this Project. 365 366Args: 367 projectId: string, The Project ID (for example, `my-project-123`). 368 369Required. (required) 370 x__xgafv: string, V1 error format. 371 Allowed values 372 1 - v1 error format 373 2 - v2 error format 374 375Returns: 376 An object of the form: 377 378 { # A Project is a high-level Google Cloud Platform entity. It is a 379 # container for ACLs, APIs, App Engine Apps, VMs, and other 380 # Google Cloud Platform resources. 381 "name": "A String", # The optional user-assigned display name of the Project. 382 # When present it must be between 4 to 30 characters. 383 # Allowed characters are: lowercase and uppercase letters, numbers, 384 # hyphen, single-quote, double-quote, space, and exclamation point. 385 # 386 # Example: <code>My Project</code> 387 # Read-write. 388 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 389 # 390 # Supported parent types include "organization" and "folder". Once set, the 391 # parent cannot be cleared. The `parent` can be set on creation or using the 392 # `UpdateProject` method; the end user must have the 393 # `resourcemanager.projects.create` permission on the parent. 394 # 395 # Read-write. 396 # Cloud Platform is a generic term for something you (a developer) may want to 397 # interact with through one of our API's. Some examples are an App Engine app, 398 # a Compute Engine instance, a Cloud SQL database, and so on. 399 "type": "A String", # Required field representing the resource type this id is for. 400 # At present, the valid types are: "organization" and "folder". 401 "id": "A String", # Required field for the type-specific id. This should correspond to the id 402 # used in the type-specific API's. 403 }, 404 "projectId": "A String", # The unique, user-assigned ID of the Project. 405 # It must be 6 to 30 lowercase letters, digits, or hyphens. 406 # It must start with a letter. 407 # Trailing hyphens are prohibited. 408 # 409 # Example: <code>tokyo-rain-123</code> 410 # Read-only after creation. 411 "labels": { # The labels associated with this Project. 412 # 413 # Label keys must be between 1 and 63 characters long and must conform 414 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 415 # 416 # Label values must be between 0 and 63 characters long and must conform 417 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label 418 # value can be empty. 419 # 420 # No more than 256 labels can be associated with a given resource. 421 # 422 # Clients should store labels in a representation such as JSON that does not 423 # depend on specific characters being disallowed. 424 # 425 # Example: <code>"environment" : "dev"</code> 426 # Read-write. 427 "a_key": "A String", 428 }, 429 "createTime": "A String", # Creation time. 430 # 431 # Read-only. 432 "lifecycleState": "A String", # The Project lifecycle state. 433 # 434 # Read-only. 435 "projectNumber": "A String", # The number uniquely identifying the project. 436 # 437 # Example: <code>415104041262</code> 438 # Read-only. 439 }</pre> 440</div> 441 442<div class="method"> 443 <code class="details" id="getAncestry">getAncestry(projectId, body=None, x__xgafv=None)</code> 444 <pre>Gets a list of ancestors in the resource hierarchy for the Project 445identified by the specified `project_id` (for example, `my-project-123`). 446 447The caller must have read permissions for this Project. 448 449Args: 450 projectId: string, The Project ID (for example, `my-project-123`). 451 452Required. (required) 453 body: object, The request body. 454 The object takes the form of: 455 456{ # The request sent to the 457 # GetAncestry 458 # method. 459 } 460 461 x__xgafv: string, V1 error format. 462 Allowed values 463 1 - v1 error format 464 2 - v2 error format 465 466Returns: 467 An object of the form: 468 469 { # Response from the GetAncestry method. 470 "ancestor": [ # Ancestors are ordered from bottom to top of the resource hierarchy. The 471 # first ancestor is the project itself, followed by the project's parent, 472 # etc.. 473 { # Identifying information for a single ancestor of a project. 474 "resourceId": { # A container to reference an id for any resource type. A `resource` in Google # Resource id of the ancestor. 475 # Cloud Platform is a generic term for something you (a developer) may want to 476 # interact with through one of our API's. Some examples are an App Engine app, 477 # a Compute Engine instance, a Cloud SQL database, and so on. 478 "type": "A String", # Required field representing the resource type this id is for. 479 # At present, the valid types are: "organization" and "folder". 480 "id": "A String", # Required field for the type-specific id. This should correspond to the id 481 # used in the type-specific API's. 482 }, 483 }, 484 ], 485 }</pre> 486</div> 487 488<div class="method"> 489 <code class="details" id="getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</code> 490 <pre>Gets the effective `Policy` on a resource. This is the result of merging 491`Policies` in the resource hierarchy. The returned `Policy` will not have 492an `etag`set because it is a computed `Policy` across multiple resources. 493Subtrees of Resource Manager resource hierarchy with 'under:' prefix will 494not be expanded. 495 496Args: 497 resource: string, The name of the resource to start computing the effective `Policy`. (required) 498 body: object, The request body. (required) 499 The object takes the form of: 500 501{ # The request sent to the GetEffectiveOrgPolicy method. 502 "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`. 503 } 504 505 x__xgafv: string, V1 error format. 506 Allowed values 507 1 - v1 error format 508 2 - v2 error format 509 510Returns: 511 An object of the form: 512 513 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 514 # for configurations of Cloud Platform resources. 515 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 516 # server, not specified by the caller, and represents the last time a call to 517 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 518 # be ignored. 519 "version": 42, # Version of the `Policy`. Default version is 0; 520 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 521 # `constraints/serviceuser.services`. 522 # 523 # Immutable after creation. 524 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 525 # `Constraint` type. 526 # `constraint_default` enforcement behavior of the specific `Constraint` at 527 # this resource. 528 # 529 # Suppose that `constraint_default` is set to `ALLOW` for the 530 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 531 # foo.com sets a `Policy` at their Organization resource node that restricts 532 # the allowed service activations to deny all service activations. They 533 # could then set a `Policy` with the `policy_type` `restore_default` on 534 # several experimental projects, restoring the `constraint_default` 535 # enforcement of the `Constraint` for only those projects, allowing those 536 # projects to have all services activated. 537 }, 538 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 539 # resource. 540 # 541 # `ListPolicy` can define specific values and subtrees of Cloud Resource 542 # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that 543 # are allowed or denied by setting the `allowed_values` and `denied_values` 544 # fields. This is achieved by using the `under:` and optional `is:` prefixes. 545 # The `under:` prefix is used to denote resource subtree values. 546 # The `is:` prefix is used to denote specific values, and is required only 547 # if the value contains a ":". Values prefixed with "is:" are treated the 548 # same as values with no prefix. 549 # Ancestry subtrees must be in one of the following formats: 550 # - “projects/<project-id>”, e.g. “projects/tokyo-rain-123” 551 # - “folders/<folder-id>”, e.g. “folders/1234” 552 # - “organizations/<organization-id>”, e.g. “organizations/1234” 553 # The `supports_under` field of the associated `Constraint` defines whether 554 # ancestry prefixes can be used. You can set `allowed_values` and 555 # `denied_values` in the same `Policy` if `all_values` is 556 # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all 557 # values. If `all_values` is set to either `ALLOW` or `DENY`, 558 # `allowed_values` and `denied_values` must be unset. 559 "allValues": "A String", # The policy all_values state. 560 "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` 561 # is set to `ALL_VALUES_UNSPECIFIED`. 562 "A String", 563 ], 564 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 565 # 566 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 567 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 568 # set to `true`, then the values from the effective `Policy` of the parent 569 # resource are inherited, meaning the values set in this `Policy` are 570 # added to the values inherited up the hierarchy. 571 # 572 # Setting `Policy` hierarchies that inherit both allowed values and denied 573 # values isn't recommended in most circumstances to keep the configuration 574 # simple and understandable. However, it is possible to set a `Policy` with 575 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 576 # In this case, the values that are allowed must be in `allowed_values` and 577 # not present in `denied_values`. 578 # 579 # For example, suppose you have a `Constraint` 580 # `constraints/serviceuser.services`, which has a `constraint_type` of 581 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 582 # Suppose that at the Organization level, a `Policy` is applied that 583 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 584 # `Policy` is applied to a project below the Organization that has 585 # `inherit_from_parent` set to `false` and field all_values set to DENY, 586 # then an attempt to activate any API will be denied. 587 # 588 # The following examples demonstrate different possible layerings for 589 # `projects/bar` parented by `organizations/foo`: 590 # 591 # Example 1 (no inherited values): 592 # `organizations/foo` has a `Policy` with values: 593 # {allowed_values: “E1” allowed_values:”E2”} 594 # `projects/bar` has `inherit_from_parent` `false` and values: 595 # {allowed_values: "E3" allowed_values: "E4"} 596 # The accepted values at `organizations/foo` are `E1`, `E2`. 597 # The accepted values at `projects/bar` are `E3`, and `E4`. 598 # 599 # Example 2 (inherited values): 600 # `organizations/foo` has a `Policy` with values: 601 # {allowed_values: “E1” allowed_values:”E2”} 602 # `projects/bar` has a `Policy` with values: 603 # {value: “E3” value: ”E4” inherit_from_parent: true} 604 # The accepted values at `organizations/foo` are `E1`, `E2`. 605 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 606 # 607 # Example 3 (inheriting both allowed and denied values): 608 # `organizations/foo` has a `Policy` with values: 609 # {allowed_values: "E1" allowed_values: "E2"} 610 # `projects/bar` has a `Policy` with: 611 # {denied_values: "E1"} 612 # The accepted values at `organizations/foo` are `E1`, `E2`. 613 # The value accepted at `projects/bar` is `E2`. 614 # 615 # Example 4 (RestoreDefault): 616 # `organizations/foo` has a `Policy` with values: 617 # {allowed_values: “E1” allowed_values:”E2”} 618 # `projects/bar` has a `Policy` with values: 619 # {RestoreDefault: {}} 620 # The accepted values at `organizations/foo` are `E1`, `E2`. 621 # The accepted values at `projects/bar` are either all or none depending on 622 # the value of `constraint_default` (if `ALLOW`, all; if 623 # `DENY`, none). 624 # 625 # Example 5 (no policy inherits parent policy): 626 # `organizations/foo` has no `Policy` set. 627 # `projects/bar` has no `Policy` set. 628 # The accepted values at both levels are either all or none depending on 629 # the value of `constraint_default` (if `ALLOW`, all; if 630 # `DENY`, none). 631 # 632 # Example 6 (ListConstraint allowing all): 633 # `organizations/foo` has a `Policy` with values: 634 # {allowed_values: “E1” allowed_values: ”E2”} 635 # `projects/bar` has a `Policy` with: 636 # {all: ALLOW} 637 # The accepted values at `organizations/foo` are `E1`, E2`. 638 # Any value is accepted at `projects/bar`. 639 # 640 # Example 7 (ListConstraint allowing none): 641 # `organizations/foo` has a `Policy` with values: 642 # {allowed_values: “E1” allowed_values: ”E2”} 643 # `projects/bar` has a `Policy` with: 644 # {all: DENY} 645 # The accepted values at `organizations/foo` are `E1`, E2`. 646 # No value is accepted at `projects/bar`. 647 # 648 # Example 10 (allowed and denied subtrees of Resource Manager hierarchy): 649 # Given the following resource hierarchy 650 # O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, 651 # `organizations/foo` has a `Policy` with values: 652 # {allowed_values: "under:organizations/O1"} 653 # `projects/bar` has a `Policy` with: 654 # {allowed_values: "under:projects/P3"} 655 # {denied_values: "under:folders/F2"} 656 # The accepted values at `organizations/foo` are `organizations/O1`, 657 # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, 658 # `projects/P3`. 659 # The accepted values at `projects/bar` are `organizations/O1`, 660 # `folders/F1`, `projects/P1`. 661 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 662 # that matches the value specified in this `Policy`. If `suggested_value` 663 # is not set, it will inherit the value specified higher in the hierarchy, 664 # unless `inherit_from_parent` is `false`. 665 "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` 666 # is set to `ALL_VALUES_UNSPECIFIED`. 667 "A String", 668 ], 669 }, 670 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 671 # resource. 672 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 673 # configuration is acceptable. 674 # 675 # Suppose you have a `Constraint` 676 # `constraints/compute.disableSerialPortAccess` with `constraint_default` 677 # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 678 # behavior: 679 # - If the `Policy` at this resource has enforced set to `false`, serial 680 # port connection attempts will be allowed. 681 # - If the `Policy` at this resource has enforced set to `true`, serial 682 # port connection attempts will be refused. 683 # - If the `Policy` at this resource is `RestoreDefault`, serial port 684 # connection attempts will be allowed. 685 # - If no `Policy` is set at this resource or anywhere higher in the 686 # resource hierarchy, serial port connection attempts will be allowed. 687 # - If no `Policy` is set at this resource, but one exists higher in the 688 # resource hierarchy, the behavior is as if the`Policy` were set at 689 # this resource. 690 # 691 # The following examples demonstrate the different possible layerings: 692 # 693 # Example 1 (nearest `Constraint` wins): 694 # `organizations/foo` has a `Policy` with: 695 # {enforced: false} 696 # `projects/bar` has no `Policy` set. 697 # The constraint at `projects/bar` and `organizations/foo` will not be 698 # enforced. 699 # 700 # Example 2 (enforcement gets replaced): 701 # `organizations/foo` has a `Policy` with: 702 # {enforced: false} 703 # `projects/bar` has a `Policy` with: 704 # {enforced: true} 705 # The constraint at `organizations/foo` is not enforced. 706 # The constraint at `projects/bar` is enforced. 707 # 708 # Example 3 (RestoreDefault): 709 # `organizations/foo` has a `Policy` with: 710 # {enforced: true} 711 # `projects/bar` has a `Policy` with: 712 # {RestoreDefault: {}} 713 # The constraint at `organizations/foo` is enforced. 714 # The constraint at `projects/bar` is not enforced, because 715 # `constraint_default` for the `Constraint` is `ALLOW`. 716 }, 717 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 718 # concurrency control. 719 # 720 # When the `Policy` is returned from either a `GetPolicy` or a 721 # `ListOrgPolicy` request, this `etag` indicates the version of the current 722 # `Policy` to use when executing a read-modify-write loop. 723 # 724 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 725 # `etag` will be unset. 726 # 727 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 728 # that was returned from a `GetOrgPolicy` request as part of a 729 # read-modify-write loop for concurrency control. Not setting the `etag`in a 730 # `SetOrgPolicy` request will result in an unconditional write of the 731 # `Policy`. 732 }</pre> 733</div> 734 735<div class="method"> 736 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> 737 <pre>Returns the IAM access control policy for the specified Project. 738Permission is denied if the policy or the resource does not exist. 739 740Authorization requires the Google IAM permission 741`resourcemanager.projects.getIamPolicy` on the project. 742 743For additional information about resource structure and identification, 744see [Resource Names](/apis/design/resource_names). 745 746Args: 747 resource: string, REQUIRED: The resource for which the policy is being requested. 748See the operation documentation for the appropriate value for this field. (required) 749 body: object, The request body. 750 The object takes the form of: 751 752{ # Request message for `GetIamPolicy` method. 753 } 754 755 x__xgafv: string, V1 error format. 756 Allowed values 757 1 - v1 error format 758 2 - v2 error format 759 760Returns: 761 An object of the form: 762 763 { # Defines an Identity and Access Management (IAM) policy. It is used to 764 # specify access control policies for Cloud Platform resources. 765 # 766 # 767 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 768 # `members` to a `role`, where the members can be user accounts, Google groups, 769 # Google domains, and service accounts. A `role` is a named list of permissions 770 # defined by IAM. 771 # 772 # **JSON Example** 773 # 774 # { 775 # "bindings": [ 776 # { 777 # "role": "roles/owner", 778 # "members": [ 779 # "user:mike@example.com", 780 # "group:admins@example.com", 781 # "domain:google.com", 782 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 783 # ] 784 # }, 785 # { 786 # "role": "roles/viewer", 787 # "members": ["user:sean@example.com"] 788 # } 789 # ] 790 # } 791 # 792 # **YAML Example** 793 # 794 # bindings: 795 # - members: 796 # - user:mike@example.com 797 # - group:admins@example.com 798 # - domain:google.com 799 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 800 # role: roles/owner 801 # - members: 802 # - user:sean@example.com 803 # role: roles/viewer 804 # 805 # 806 # For a description of IAM and its features, see the 807 # [IAM developer's guide](https://cloud.google.com/iam/docs). 808 "bindings": [ # Associates a list of `members` to a `role`. 809 # `bindings` with no members will result in an error. 810 { # Associates `members` with a `role`. 811 "role": "A String", # Role that is assigned to `members`. 812 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 813 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 814 # NOTE: An unsatisfied condition will not allow user access via current 815 # binding. Different bindings, including their conditions, are examined 816 # independently. 817 # 818 # title: "User account presence" 819 # description: "Determines whether the request has a user account" 820 # expression: "size(request.user) > 0" 821 "location": "A String", # An optional string indicating the location of the expression for error 822 # reporting, e.g. a file name and a position in the file. 823 "expression": "A String", # Textual representation of an expression in 824 # Common Expression Language syntax. 825 # 826 # The application context of the containing message determines which 827 # well-known feature set of CEL is supported. 828 "description": "A String", # An optional description of the expression. This is a longer text which 829 # describes the expression, e.g. when hovered over it in a UI. 830 "title": "A String", # An optional title for the expression, i.e. a short string describing 831 # its purpose. This can be used e.g. in UIs which allow to enter the 832 # expression. 833 }, 834 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 835 # `members` can have the following values: 836 # 837 # * `allUsers`: A special identifier that represents anyone who is 838 # on the internet; with or without a Google account. 839 # 840 # * `allAuthenticatedUsers`: A special identifier that represents anyone 841 # who is authenticated with a Google account or a service account. 842 # 843 # * `user:{emailid}`: An email address that represents a specific Google 844 # account. For example, `alice@gmail.com` . 845 # 846 # 847 # * `serviceAccount:{emailid}`: An email address that represents a service 848 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 849 # 850 # * `group:{emailid}`: An email address that represents a Google group. 851 # For example, `admins@example.com`. 852 # 853 # 854 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 855 # users of that domain. For example, `google.com` or `example.com`. 856 # 857 "A String", 858 ], 859 }, 860 ], 861 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 862 # prevent simultaneous updates of a policy from overwriting each other. 863 # It is strongly suggested that systems make use of the `etag` in the 864 # read-modify-write cycle to perform policy updates in order to avoid race 865 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 866 # systems are expected to put that etag in the request to `setIamPolicy` to 867 # ensure that their change will be applied to the same version of the policy. 868 # 869 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 870 # policy is overwritten blindly. 871 "version": 42, # Deprecated. 872 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 873 { # Specifies the audit configuration for a service. 874 # The configuration determines which permission types are logged, and what 875 # identities, if any, are exempted from logging. 876 # An AuditConfig must have one or more AuditLogConfigs. 877 # 878 # If there are AuditConfigs for both `allServices` and a specific service, 879 # the union of the two AuditConfigs is used for that service: the log_types 880 # specified in each AuditConfig are enabled, and the exempted_members in each 881 # AuditLogConfig are exempted. 882 # 883 # Example Policy with multiple AuditConfigs: 884 # 885 # { 886 # "audit_configs": [ 887 # { 888 # "service": "allServices" 889 # "audit_log_configs": [ 890 # { 891 # "log_type": "DATA_READ", 892 # "exempted_members": [ 893 # "user:foo@gmail.com" 894 # ] 895 # }, 896 # { 897 # "log_type": "DATA_WRITE", 898 # }, 899 # { 900 # "log_type": "ADMIN_READ", 901 # } 902 # ] 903 # }, 904 # { 905 # "service": "fooservice.googleapis.com" 906 # "audit_log_configs": [ 907 # { 908 # "log_type": "DATA_READ", 909 # }, 910 # { 911 # "log_type": "DATA_WRITE", 912 # "exempted_members": [ 913 # "user:bar@gmail.com" 914 # ] 915 # } 916 # ] 917 # } 918 # ] 919 # } 920 # 921 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 922 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 923 # bar@gmail.com from DATA_WRITE logging. 924 "auditLogConfigs": [ # The configuration for logging of each type of permission. 925 { # Provides the configuration for logging a type of permissions. 926 # Example: 927 # 928 # { 929 # "audit_log_configs": [ 930 # { 931 # "log_type": "DATA_READ", 932 # "exempted_members": [ 933 # "user:foo@gmail.com" 934 # ] 935 # }, 936 # { 937 # "log_type": "DATA_WRITE", 938 # } 939 # ] 940 # } 941 # 942 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 943 # foo@gmail.com from DATA_READ logging. 944 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 945 # permission. 946 # Follows the same format of Binding.members. 947 "A String", 948 ], 949 "logType": "A String", # The log type that this config enables. 950 }, 951 ], 952 "service": "A String", # Specifies a service that will be enabled for audit logging. 953 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 954 # `allServices` is a special value that covers all services. 955 }, 956 ], 957 }</pre> 958</div> 959 960<div class="method"> 961 <code class="details" id="getOrgPolicy">getOrgPolicy(resource, body, x__xgafv=None)</code> 962 <pre>Gets a `Policy` on a resource. 963 964If no `Policy` is set on the resource, a `Policy` is returned with default 965values including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The 966`etag` value can be used with `SetOrgPolicy()` to create or update a 967`Policy` during read-modify-write. 968 969Args: 970 resource: string, Name of the resource the `Policy` is set on. (required) 971 body: object, The request body. (required) 972 The object takes the form of: 973 974{ # The request sent to the GetOrgPolicy method. 975 "constraint": "A String", # Name of the `Constraint` to get the `Policy`. 976 } 977 978 x__xgafv: string, V1 error format. 979 Allowed values 980 1 - v1 error format 981 2 - v2 error format 982 983Returns: 984 An object of the form: 985 986 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 987 # for configurations of Cloud Platform resources. 988 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 989 # server, not specified by the caller, and represents the last time a call to 990 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 991 # be ignored. 992 "version": 42, # Version of the `Policy`. Default version is 0; 993 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 994 # `constraints/serviceuser.services`. 995 # 996 # Immutable after creation. 997 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 998 # `Constraint` type. 999 # `constraint_default` enforcement behavior of the specific `Constraint` at 1000 # this resource. 1001 # 1002 # Suppose that `constraint_default` is set to `ALLOW` for the 1003 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 1004 # foo.com sets a `Policy` at their Organization resource node that restricts 1005 # the allowed service activations to deny all service activations. They 1006 # could then set a `Policy` with the `policy_type` `restore_default` on 1007 # several experimental projects, restoring the `constraint_default` 1008 # enforcement of the `Constraint` for only those projects, allowing those 1009 # projects to have all services activated. 1010 }, 1011 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 1012 # resource. 1013 # 1014 # `ListPolicy` can define specific values and subtrees of Cloud Resource 1015 # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that 1016 # are allowed or denied by setting the `allowed_values` and `denied_values` 1017 # fields. This is achieved by using the `under:` and optional `is:` prefixes. 1018 # The `under:` prefix is used to denote resource subtree values. 1019 # The `is:` prefix is used to denote specific values, and is required only 1020 # if the value contains a ":". Values prefixed with "is:" are treated the 1021 # same as values with no prefix. 1022 # Ancestry subtrees must be in one of the following formats: 1023 # - “projects/<project-id>”, e.g. “projects/tokyo-rain-123” 1024 # - “folders/<folder-id>”, e.g. “folders/1234” 1025 # - “organizations/<organization-id>”, e.g. “organizations/1234” 1026 # The `supports_under` field of the associated `Constraint` defines whether 1027 # ancestry prefixes can be used. You can set `allowed_values` and 1028 # `denied_values` in the same `Policy` if `all_values` is 1029 # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all 1030 # values. If `all_values` is set to either `ALLOW` or `DENY`, 1031 # `allowed_values` and `denied_values` must be unset. 1032 "allValues": "A String", # The policy all_values state. 1033 "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` 1034 # is set to `ALL_VALUES_UNSPECIFIED`. 1035 "A String", 1036 ], 1037 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 1038 # 1039 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 1040 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 1041 # set to `true`, then the values from the effective `Policy` of the parent 1042 # resource are inherited, meaning the values set in this `Policy` are 1043 # added to the values inherited up the hierarchy. 1044 # 1045 # Setting `Policy` hierarchies that inherit both allowed values and denied 1046 # values isn't recommended in most circumstances to keep the configuration 1047 # simple and understandable. However, it is possible to set a `Policy` with 1048 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 1049 # In this case, the values that are allowed must be in `allowed_values` and 1050 # not present in `denied_values`. 1051 # 1052 # For example, suppose you have a `Constraint` 1053 # `constraints/serviceuser.services`, which has a `constraint_type` of 1054 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 1055 # Suppose that at the Organization level, a `Policy` is applied that 1056 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 1057 # `Policy` is applied to a project below the Organization that has 1058 # `inherit_from_parent` set to `false` and field all_values set to DENY, 1059 # then an attempt to activate any API will be denied. 1060 # 1061 # The following examples demonstrate different possible layerings for 1062 # `projects/bar` parented by `organizations/foo`: 1063 # 1064 # Example 1 (no inherited values): 1065 # `organizations/foo` has a `Policy` with values: 1066 # {allowed_values: “E1” allowed_values:”E2”} 1067 # `projects/bar` has `inherit_from_parent` `false` and values: 1068 # {allowed_values: "E3" allowed_values: "E4"} 1069 # The accepted values at `organizations/foo` are `E1`, `E2`. 1070 # The accepted values at `projects/bar` are `E3`, and `E4`. 1071 # 1072 # Example 2 (inherited values): 1073 # `organizations/foo` has a `Policy` with values: 1074 # {allowed_values: “E1” allowed_values:”E2”} 1075 # `projects/bar` has a `Policy` with values: 1076 # {value: “E3” value: ”E4” inherit_from_parent: true} 1077 # The accepted values at `organizations/foo` are `E1`, `E2`. 1078 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 1079 # 1080 # Example 3 (inheriting both allowed and denied values): 1081 # `organizations/foo` has a `Policy` with values: 1082 # {allowed_values: "E1" allowed_values: "E2"} 1083 # `projects/bar` has a `Policy` with: 1084 # {denied_values: "E1"} 1085 # The accepted values at `organizations/foo` are `E1`, `E2`. 1086 # The value accepted at `projects/bar` is `E2`. 1087 # 1088 # Example 4 (RestoreDefault): 1089 # `organizations/foo` has a `Policy` with values: 1090 # {allowed_values: “E1” allowed_values:”E2”} 1091 # `projects/bar` has a `Policy` with values: 1092 # {RestoreDefault: {}} 1093 # The accepted values at `organizations/foo` are `E1`, `E2`. 1094 # The accepted values at `projects/bar` are either all or none depending on 1095 # the value of `constraint_default` (if `ALLOW`, all; if 1096 # `DENY`, none). 1097 # 1098 # Example 5 (no policy inherits parent policy): 1099 # `organizations/foo` has no `Policy` set. 1100 # `projects/bar` has no `Policy` set. 1101 # The accepted values at both levels are either all or none depending on 1102 # the value of `constraint_default` (if `ALLOW`, all; if 1103 # `DENY`, none). 1104 # 1105 # Example 6 (ListConstraint allowing all): 1106 # `organizations/foo` has a `Policy` with values: 1107 # {allowed_values: “E1” allowed_values: ”E2”} 1108 # `projects/bar` has a `Policy` with: 1109 # {all: ALLOW} 1110 # The accepted values at `organizations/foo` are `E1`, E2`. 1111 # Any value is accepted at `projects/bar`. 1112 # 1113 # Example 7 (ListConstraint allowing none): 1114 # `organizations/foo` has a `Policy` with values: 1115 # {allowed_values: “E1” allowed_values: ”E2”} 1116 # `projects/bar` has a `Policy` with: 1117 # {all: DENY} 1118 # The accepted values at `organizations/foo` are `E1`, E2`. 1119 # No value is accepted at `projects/bar`. 1120 # 1121 # Example 10 (allowed and denied subtrees of Resource Manager hierarchy): 1122 # Given the following resource hierarchy 1123 # O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, 1124 # `organizations/foo` has a `Policy` with values: 1125 # {allowed_values: "under:organizations/O1"} 1126 # `projects/bar` has a `Policy` with: 1127 # {allowed_values: "under:projects/P3"} 1128 # {denied_values: "under:folders/F2"} 1129 # The accepted values at `organizations/foo` are `organizations/O1`, 1130 # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, 1131 # `projects/P3`. 1132 # The accepted values at `projects/bar` are `organizations/O1`, 1133 # `folders/F1`, `projects/P1`. 1134 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 1135 # that matches the value specified in this `Policy`. If `suggested_value` 1136 # is not set, it will inherit the value specified higher in the hierarchy, 1137 # unless `inherit_from_parent` is `false`. 1138 "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` 1139 # is set to `ALL_VALUES_UNSPECIFIED`. 1140 "A String", 1141 ], 1142 }, 1143 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 1144 # resource. 1145 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 1146 # configuration is acceptable. 1147 # 1148 # Suppose you have a `Constraint` 1149 # `constraints/compute.disableSerialPortAccess` with `constraint_default` 1150 # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 1151 # behavior: 1152 # - If the `Policy` at this resource has enforced set to `false`, serial 1153 # port connection attempts will be allowed. 1154 # - If the `Policy` at this resource has enforced set to `true`, serial 1155 # port connection attempts will be refused. 1156 # - If the `Policy` at this resource is `RestoreDefault`, serial port 1157 # connection attempts will be allowed. 1158 # - If no `Policy` is set at this resource or anywhere higher in the 1159 # resource hierarchy, serial port connection attempts will be allowed. 1160 # - If no `Policy` is set at this resource, but one exists higher in the 1161 # resource hierarchy, the behavior is as if the`Policy` were set at 1162 # this resource. 1163 # 1164 # The following examples demonstrate the different possible layerings: 1165 # 1166 # Example 1 (nearest `Constraint` wins): 1167 # `organizations/foo` has a `Policy` with: 1168 # {enforced: false} 1169 # `projects/bar` has no `Policy` set. 1170 # The constraint at `projects/bar` and `organizations/foo` will not be 1171 # enforced. 1172 # 1173 # Example 2 (enforcement gets replaced): 1174 # `organizations/foo` has a `Policy` with: 1175 # {enforced: false} 1176 # `projects/bar` has a `Policy` with: 1177 # {enforced: true} 1178 # The constraint at `organizations/foo` is not enforced. 1179 # The constraint at `projects/bar` is enforced. 1180 # 1181 # Example 3 (RestoreDefault): 1182 # `organizations/foo` has a `Policy` with: 1183 # {enforced: true} 1184 # `projects/bar` has a `Policy` with: 1185 # {RestoreDefault: {}} 1186 # The constraint at `organizations/foo` is enforced. 1187 # The constraint at `projects/bar` is not enforced, because 1188 # `constraint_default` for the `Constraint` is `ALLOW`. 1189 }, 1190 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 1191 # concurrency control. 1192 # 1193 # When the `Policy` is returned from either a `GetPolicy` or a 1194 # `ListOrgPolicy` request, this `etag` indicates the version of the current 1195 # `Policy` to use when executing a read-modify-write loop. 1196 # 1197 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 1198 # `etag` will be unset. 1199 # 1200 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 1201 # that was returned from a `GetOrgPolicy` request as part of a 1202 # read-modify-write loop for concurrency control. Not setting the `etag`in a 1203 # `SetOrgPolicy` request will result in an unconditional write of the 1204 # `Policy`. 1205 }</pre> 1206</div> 1207 1208<div class="method"> 1209 <code class="details" id="list">list(pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code> 1210 <pre>Lists Projects that the caller has the `resourcemanager.projects.get` 1211permission on and satisfy the specified filter. 1212 1213This method returns Projects in an unspecified order. 1214This method is eventually consistent with project mutations; this means 1215that a newly created project may not appear in the results or recent 1216updates to an existing project may not be reflected in the results. To 1217retrieve the latest state of a project, use the 1218GetProject method. 1219 1220NOTE: If the request filter contains a `parent.type` and `parent.id` and 1221the caller has the `resourcemanager.projects.list` permission on the 1222parent, the results will be drawn from an alternate index which provides 1223more consistent results. In future versions of this API, this List method 1224will be split into List and Search to properly capture the behavorial 1225difference. 1226 1227Args: 1228 pageSize: integer, The maximum number of Projects to return in the response. 1229The server can return fewer Projects than requested. 1230If unspecified, server picks an appropriate default. 1231 1232Optional. 1233 pageToken: string, A pagination token returned from a previous call to ListProjects 1234that indicates from where listing should continue. 1235 1236Optional. 1237 x__xgafv: string, V1 error format. 1238 Allowed values 1239 1 - v1 error format 1240 2 - v2 error format 1241 filter: string, An expression for filtering the results of the request. Filter rules are 1242case insensitive. The fields eligible for filtering are: 1243 1244+ `name` 1245+ `id` 1246+ `labels.<key>` (where *key* is the name of a label) 1247+ `parent.type` 1248+ `parent.id` 1249 1250Some examples of using labels as filters: 1251 1252| Filter | Description | 1253|------------------|-----------------------------------------------------| 1254| name:how* | The project's name starts with "how". | 1255| name:Howl | The project's name is `Howl` or `howl`. | 1256| name:HOWL | Equivalent to above. | 1257| NAME:howl | Equivalent to above. | 1258| labels.color:* | The project has the label `color`. | 1259| labels.color:red | The project's label `color` has the value `red`. | 1260| labels.color:red labels.size:big |The project's label `color` has 1261 the value `red` and its label `size` has the value `big`. | 1262 1263If no filter is specified, the call will return projects for which the user 1264has the `resourcemanager.projects.get` permission. 1265 1266NOTE: To perform a by-parent query (eg., what projects are directly in a 1267Folder), the caller must have the `resourcemanager.projects.list` 1268permission on the parent and the filter must contain both a `parent.type` 1269and a `parent.id` restriction 1270(example: "parent.type:folder parent.id:123"). In this case an alternate 1271search index is used which provides more consistent results. 1272 1273Optional. 1274 1275Returns: 1276 An object of the form: 1277 1278 { # A page of the response received from the 1279 # ListProjects 1280 # method. 1281 # 1282 # A paginated response where more pages are available has 1283 # `next_page_token` set. This token can be used in a subsequent request to 1284 # retrieve the next request page. 1285 "nextPageToken": "A String", # Pagination token. 1286 # 1287 # If the result set is too large to fit in a single response, this token 1288 # is returned. It encodes the position of the current result cursor. 1289 # Feeding this value into a new list request with the `page_token` parameter 1290 # gives the next page of the results. 1291 # 1292 # When `next_page_token` is not filled in, there is no next page and 1293 # the list returned is the last page in the result set. 1294 # 1295 # Pagination tokens have a limited lifetime. 1296 "projects": [ # The list of Projects that matched the list filter. This list can 1297 # be paginated. 1298 { # A Project is a high-level Google Cloud Platform entity. It is a 1299 # container for ACLs, APIs, App Engine Apps, VMs, and other 1300 # Google Cloud Platform resources. 1301 "name": "A String", # The optional user-assigned display name of the Project. 1302 # When present it must be between 4 to 30 characters. 1303 # Allowed characters are: lowercase and uppercase letters, numbers, 1304 # hyphen, single-quote, double-quote, space, and exclamation point. 1305 # 1306 # Example: <code>My Project</code> 1307 # Read-write. 1308 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 1309 # 1310 # Supported parent types include "organization" and "folder". Once set, the 1311 # parent cannot be cleared. The `parent` can be set on creation or using the 1312 # `UpdateProject` method; the end user must have the 1313 # `resourcemanager.projects.create` permission on the parent. 1314 # 1315 # Read-write. 1316 # Cloud Platform is a generic term for something you (a developer) may want to 1317 # interact with through one of our API's. Some examples are an App Engine app, 1318 # a Compute Engine instance, a Cloud SQL database, and so on. 1319 "type": "A String", # Required field representing the resource type this id is for. 1320 # At present, the valid types are: "organization" and "folder". 1321 "id": "A String", # Required field for the type-specific id. This should correspond to the id 1322 # used in the type-specific API's. 1323 }, 1324 "projectId": "A String", # The unique, user-assigned ID of the Project. 1325 # It must be 6 to 30 lowercase letters, digits, or hyphens. 1326 # It must start with a letter. 1327 # Trailing hyphens are prohibited. 1328 # 1329 # Example: <code>tokyo-rain-123</code> 1330 # Read-only after creation. 1331 "labels": { # The labels associated with this Project. 1332 # 1333 # Label keys must be between 1 and 63 characters long and must conform 1334 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 1335 # 1336 # Label values must be between 0 and 63 characters long and must conform 1337 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label 1338 # value can be empty. 1339 # 1340 # No more than 256 labels can be associated with a given resource. 1341 # 1342 # Clients should store labels in a representation such as JSON that does not 1343 # depend on specific characters being disallowed. 1344 # 1345 # Example: <code>"environment" : "dev"</code> 1346 # Read-write. 1347 "a_key": "A String", 1348 }, 1349 "createTime": "A String", # Creation time. 1350 # 1351 # Read-only. 1352 "lifecycleState": "A String", # The Project lifecycle state. 1353 # 1354 # Read-only. 1355 "projectNumber": "A String", # The number uniquely identifying the project. 1356 # 1357 # Example: <code>415104041262</code> 1358 # Read-only. 1359 }, 1360 ], 1361 }</pre> 1362</div> 1363 1364<div class="method"> 1365 <code class="details" id="listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body, x__xgafv=None)</code> 1366 <pre>Lists `Constraints` that could be applied on the specified resource. 1367 1368Args: 1369 resource: string, Name of the resource to list `Constraints` for. (required) 1370 body: object, The request body. (required) 1371 The object takes the form of: 1372 1373{ # The request sent to the [ListAvailableOrgPolicyConstraints] 1374 # google.cloud.OrgPolicy.v1.ListAvailableOrgPolicyConstraints] method. 1375 "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported 1376 # and will be ignored. The server may at any point start using this field. 1377 "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will 1378 # be ignored. The server may at any point start using this field to limit 1379 # page size. 1380 } 1381 1382 x__xgafv: string, V1 error format. 1383 Allowed values 1384 1 - v1 error format 1385 2 - v2 error format 1386 1387Returns: 1388 An object of the form: 1389 1390 { # The response returned from the ListAvailableOrgPolicyConstraints method. 1391 # Returns all `Constraints` that could be set at this level of the hierarchy 1392 # (contrast with the response from `ListPolicies`, which returns all policies 1393 # which are set). 1394 "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used. 1395 "constraints": [ # The collection of constraints that are settable on the request resource. 1396 { # A `Constraint` describes a way in which a resource's configuration can be 1397 # restricted. For example, it controls which cloud services can be activated 1398 # across an organization, or whether a Compute Engine instance can have 1399 # serial port connections established. `Constraints` can be configured by the 1400 # organization's policy adminstrator to fit the needs of the organzation by 1401 # setting Policies for `Constraints` at different locations in the 1402 # organization's resource hierarchy. Policies are inherited down the resource 1403 # hierarchy from higher levels, but can also be overridden. For details about 1404 # the inheritance rules please read about 1405 # Policies. 1406 # 1407 # `Constraints` have a default behavior determined by the `constraint_default` 1408 # field, which is the enforcement behavior that is used in the absence of a 1409 # `Policy` being defined or inherited for the resource in question. 1410 "constraintDefault": "A String", # The evaluation behavior of this constraint in the absense of 'Policy'. 1411 "displayName": "A String", # The human readable name. 1412 # 1413 # Mutable. 1414 "name": "A String", # Immutable value, required to globally be unique. For example, 1415 # `constraints/serviceuser.services` 1416 "booleanConstraint": { # A `Constraint` that is either enforced or not. # Defines this constraint as being a BooleanConstraint. 1417 # 1418 # For example a constraint `constraints/compute.disableSerialPortAccess`. 1419 # If it is enforced on a VM instance, serial port connections will not be 1420 # opened to that instance. 1421 }, 1422 "version": 42, # Version of the `Constraint`. Default version is 0; 1423 "listConstraint": { # A `Constraint` that allows or disallows a list of string values, which are # Defines this constraint as being a ListConstraint. 1424 # configured by an Organization's policy administrator with a `Policy`. 1425 "supportsUnder": True or False, # Indicates whether subtrees of Cloud Resource Manager resource hierarchy 1426 # can be used in `Policy.allowed_values` and `Policy.denied_values`. For 1427 # example, `"under:folders/123"` would match any resource under the 1428 # 'folders/123' folder. 1429 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 1430 # that matches the value specified in this `Constraint`. 1431 }, 1432 "description": "A String", # Detailed description of what this `Constraint` controls as well as how and 1433 # where it is enforced. 1434 # 1435 # Mutable. 1436 }, 1437 ], 1438 }</pre> 1439</div> 1440 1441<div class="method"> 1442 <code class="details" id="listAvailableOrgPolicyConstraints_next">listAvailableOrgPolicyConstraints_next(previous_request, previous_response)</code> 1443 <pre>Retrieves the next page of results. 1444 1445Args: 1446 previous_request: The request for the previous page. (required) 1447 previous_response: The response from the request for the previous page. (required) 1448 1449Returns: 1450 A request object that you can call 'execute()' on to request the next 1451 page. Returns None if there are no more items in the collection. 1452 </pre> 1453</div> 1454 1455<div class="method"> 1456 <code class="details" id="listOrgPolicies">listOrgPolicies(resource, body, x__xgafv=None)</code> 1457 <pre>Lists all the `Policies` set for a particular resource. 1458 1459Args: 1460 resource: string, Name of the resource to list Policies for. (required) 1461 body: object, The request body. (required) 1462 The object takes the form of: 1463 1464{ # The request sent to the ListOrgPolicies method. 1465 "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported 1466 # and will be ignored. The server may at any point start using this field. 1467 "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will 1468 # be ignored. The server may at any point start using this field to limit 1469 # page size. 1470 } 1471 1472 x__xgafv: string, V1 error format. 1473 Allowed values 1474 1 - v1 error format 1475 2 - v2 error format 1476 1477Returns: 1478 An object of the form: 1479 1480 { # The response returned from the ListOrgPolicies method. It will be empty 1481 # if no `Policies` are set on the resource. 1482 "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used, but 1483 # the server may at any point start supplying a valid token. 1484 "policies": [ # The `Policies` that are set on the resource. It will be empty if no 1485 # `Policies` are set. 1486 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 1487 # for configurations of Cloud Platform resources. 1488 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 1489 # server, not specified by the caller, and represents the last time a call to 1490 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 1491 # be ignored. 1492 "version": 42, # Version of the `Policy`. Default version is 0; 1493 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 1494 # `constraints/serviceuser.services`. 1495 # 1496 # Immutable after creation. 1497 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 1498 # `Constraint` type. 1499 # `constraint_default` enforcement behavior of the specific `Constraint` at 1500 # this resource. 1501 # 1502 # Suppose that `constraint_default` is set to `ALLOW` for the 1503 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 1504 # foo.com sets a `Policy` at their Organization resource node that restricts 1505 # the allowed service activations to deny all service activations. They 1506 # could then set a `Policy` with the `policy_type` `restore_default` on 1507 # several experimental projects, restoring the `constraint_default` 1508 # enforcement of the `Constraint` for only those projects, allowing those 1509 # projects to have all services activated. 1510 }, 1511 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 1512 # resource. 1513 # 1514 # `ListPolicy` can define specific values and subtrees of Cloud Resource 1515 # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that 1516 # are allowed or denied by setting the `allowed_values` and `denied_values` 1517 # fields. This is achieved by using the `under:` and optional `is:` prefixes. 1518 # The `under:` prefix is used to denote resource subtree values. 1519 # The `is:` prefix is used to denote specific values, and is required only 1520 # if the value contains a ":". Values prefixed with "is:" are treated the 1521 # same as values with no prefix. 1522 # Ancestry subtrees must be in one of the following formats: 1523 # - “projects/<project-id>”, e.g. “projects/tokyo-rain-123” 1524 # - “folders/<folder-id>”, e.g. “folders/1234” 1525 # - “organizations/<organization-id>”, e.g. “organizations/1234” 1526 # The `supports_under` field of the associated `Constraint` defines whether 1527 # ancestry prefixes can be used. You can set `allowed_values` and 1528 # `denied_values` in the same `Policy` if `all_values` is 1529 # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all 1530 # values. If `all_values` is set to either `ALLOW` or `DENY`, 1531 # `allowed_values` and `denied_values` must be unset. 1532 "allValues": "A String", # The policy all_values state. 1533 "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` 1534 # is set to `ALL_VALUES_UNSPECIFIED`. 1535 "A String", 1536 ], 1537 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 1538 # 1539 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 1540 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 1541 # set to `true`, then the values from the effective `Policy` of the parent 1542 # resource are inherited, meaning the values set in this `Policy` are 1543 # added to the values inherited up the hierarchy. 1544 # 1545 # Setting `Policy` hierarchies that inherit both allowed values and denied 1546 # values isn't recommended in most circumstances to keep the configuration 1547 # simple and understandable. However, it is possible to set a `Policy` with 1548 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 1549 # In this case, the values that are allowed must be in `allowed_values` and 1550 # not present in `denied_values`. 1551 # 1552 # For example, suppose you have a `Constraint` 1553 # `constraints/serviceuser.services`, which has a `constraint_type` of 1554 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 1555 # Suppose that at the Organization level, a `Policy` is applied that 1556 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 1557 # `Policy` is applied to a project below the Organization that has 1558 # `inherit_from_parent` set to `false` and field all_values set to DENY, 1559 # then an attempt to activate any API will be denied. 1560 # 1561 # The following examples demonstrate different possible layerings for 1562 # `projects/bar` parented by `organizations/foo`: 1563 # 1564 # Example 1 (no inherited values): 1565 # `organizations/foo` has a `Policy` with values: 1566 # {allowed_values: “E1” allowed_values:”E2”} 1567 # `projects/bar` has `inherit_from_parent` `false` and values: 1568 # {allowed_values: "E3" allowed_values: "E4"} 1569 # The accepted values at `organizations/foo` are `E1`, `E2`. 1570 # The accepted values at `projects/bar` are `E3`, and `E4`. 1571 # 1572 # Example 2 (inherited values): 1573 # `organizations/foo` has a `Policy` with values: 1574 # {allowed_values: “E1” allowed_values:”E2”} 1575 # `projects/bar` has a `Policy` with values: 1576 # {value: “E3” value: ”E4” inherit_from_parent: true} 1577 # The accepted values at `organizations/foo` are `E1`, `E2`. 1578 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 1579 # 1580 # Example 3 (inheriting both allowed and denied values): 1581 # `organizations/foo` has a `Policy` with values: 1582 # {allowed_values: "E1" allowed_values: "E2"} 1583 # `projects/bar` has a `Policy` with: 1584 # {denied_values: "E1"} 1585 # The accepted values at `organizations/foo` are `E1`, `E2`. 1586 # The value accepted at `projects/bar` is `E2`. 1587 # 1588 # Example 4 (RestoreDefault): 1589 # `organizations/foo` has a `Policy` with values: 1590 # {allowed_values: “E1” allowed_values:”E2”} 1591 # `projects/bar` has a `Policy` with values: 1592 # {RestoreDefault: {}} 1593 # The accepted values at `organizations/foo` are `E1`, `E2`. 1594 # The accepted values at `projects/bar` are either all or none depending on 1595 # the value of `constraint_default` (if `ALLOW`, all; if 1596 # `DENY`, none). 1597 # 1598 # Example 5 (no policy inherits parent policy): 1599 # `organizations/foo` has no `Policy` set. 1600 # `projects/bar` has no `Policy` set. 1601 # The accepted values at both levels are either all or none depending on 1602 # the value of `constraint_default` (if `ALLOW`, all; if 1603 # `DENY`, none). 1604 # 1605 # Example 6 (ListConstraint allowing all): 1606 # `organizations/foo` has a `Policy` with values: 1607 # {allowed_values: “E1” allowed_values: ”E2”} 1608 # `projects/bar` has a `Policy` with: 1609 # {all: ALLOW} 1610 # The accepted values at `organizations/foo` are `E1`, E2`. 1611 # Any value is accepted at `projects/bar`. 1612 # 1613 # Example 7 (ListConstraint allowing none): 1614 # `organizations/foo` has a `Policy` with values: 1615 # {allowed_values: “E1” allowed_values: ”E2”} 1616 # `projects/bar` has a `Policy` with: 1617 # {all: DENY} 1618 # The accepted values at `organizations/foo` are `E1`, E2`. 1619 # No value is accepted at `projects/bar`. 1620 # 1621 # Example 10 (allowed and denied subtrees of Resource Manager hierarchy): 1622 # Given the following resource hierarchy 1623 # O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, 1624 # `organizations/foo` has a `Policy` with values: 1625 # {allowed_values: "under:organizations/O1"} 1626 # `projects/bar` has a `Policy` with: 1627 # {allowed_values: "under:projects/P3"} 1628 # {denied_values: "under:folders/F2"} 1629 # The accepted values at `organizations/foo` are `organizations/O1`, 1630 # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, 1631 # `projects/P3`. 1632 # The accepted values at `projects/bar` are `organizations/O1`, 1633 # `folders/F1`, `projects/P1`. 1634 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 1635 # that matches the value specified in this `Policy`. If `suggested_value` 1636 # is not set, it will inherit the value specified higher in the hierarchy, 1637 # unless `inherit_from_parent` is `false`. 1638 "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` 1639 # is set to `ALL_VALUES_UNSPECIFIED`. 1640 "A String", 1641 ], 1642 }, 1643 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 1644 # resource. 1645 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 1646 # configuration is acceptable. 1647 # 1648 # Suppose you have a `Constraint` 1649 # `constraints/compute.disableSerialPortAccess` with `constraint_default` 1650 # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 1651 # behavior: 1652 # - If the `Policy` at this resource has enforced set to `false`, serial 1653 # port connection attempts will be allowed. 1654 # - If the `Policy` at this resource has enforced set to `true`, serial 1655 # port connection attempts will be refused. 1656 # - If the `Policy` at this resource is `RestoreDefault`, serial port 1657 # connection attempts will be allowed. 1658 # - If no `Policy` is set at this resource or anywhere higher in the 1659 # resource hierarchy, serial port connection attempts will be allowed. 1660 # - If no `Policy` is set at this resource, but one exists higher in the 1661 # resource hierarchy, the behavior is as if the`Policy` were set at 1662 # this resource. 1663 # 1664 # The following examples demonstrate the different possible layerings: 1665 # 1666 # Example 1 (nearest `Constraint` wins): 1667 # `organizations/foo` has a `Policy` with: 1668 # {enforced: false} 1669 # `projects/bar` has no `Policy` set. 1670 # The constraint at `projects/bar` and `organizations/foo` will not be 1671 # enforced. 1672 # 1673 # Example 2 (enforcement gets replaced): 1674 # `organizations/foo` has a `Policy` with: 1675 # {enforced: false} 1676 # `projects/bar` has a `Policy` with: 1677 # {enforced: true} 1678 # The constraint at `organizations/foo` is not enforced. 1679 # The constraint at `projects/bar` is enforced. 1680 # 1681 # Example 3 (RestoreDefault): 1682 # `organizations/foo` has a `Policy` with: 1683 # {enforced: true} 1684 # `projects/bar` has a `Policy` with: 1685 # {RestoreDefault: {}} 1686 # The constraint at `organizations/foo` is enforced. 1687 # The constraint at `projects/bar` is not enforced, because 1688 # `constraint_default` for the `Constraint` is `ALLOW`. 1689 }, 1690 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 1691 # concurrency control. 1692 # 1693 # When the `Policy` is returned from either a `GetPolicy` or a 1694 # `ListOrgPolicy` request, this `etag` indicates the version of the current 1695 # `Policy` to use when executing a read-modify-write loop. 1696 # 1697 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 1698 # `etag` will be unset. 1699 # 1700 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 1701 # that was returned from a `GetOrgPolicy` request as part of a 1702 # read-modify-write loop for concurrency control. Not setting the `etag`in a 1703 # `SetOrgPolicy` request will result in an unconditional write of the 1704 # `Policy`. 1705 }, 1706 ], 1707 }</pre> 1708</div> 1709 1710<div class="method"> 1711 <code class="details" id="listOrgPolicies_next">listOrgPolicies_next(previous_request, previous_response)</code> 1712 <pre>Retrieves the next page of results. 1713 1714Args: 1715 previous_request: The request for the previous page. (required) 1716 previous_response: The response from the request for the previous page. (required) 1717 1718Returns: 1719 A request object that you can call 'execute()' on to request the next 1720 page. Returns None if there are no more items in the collection. 1721 </pre> 1722</div> 1723 1724<div class="method"> 1725 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 1726 <pre>Retrieves the next page of results. 1727 1728Args: 1729 previous_request: The request for the previous page. (required) 1730 previous_response: The response from the request for the previous page. (required) 1731 1732Returns: 1733 A request object that you can call 'execute()' on to request the next 1734 page. Returns None if there are no more items in the collection. 1735 </pre> 1736</div> 1737 1738<div class="method"> 1739 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 1740 <pre>Sets the IAM access control policy for the specified Project. Overwrites 1741any existing policy. 1742 1743The following constraints apply when using `setIamPolicy()`: 1744 1745+ Project does not support `allUsers` and `allAuthenticatedUsers` as 1746`members` in a `Binding` of a `Policy`. 1747 1748+ The owner role can be granted only to `user` and `serviceAccount`. 1749 1750+ Service accounts can be made owners of a project directly 1751without any restrictions. However, to be added as an owner, a user must be 1752invited via Cloud Platform console and must accept the invitation. 1753 1754+ A user cannot be granted the owner role using `setIamPolicy()`. The user 1755must be granted the owner role using the Cloud Platform Console and must 1756explicitly accept the invitation. 1757 1758+ You can only grant ownership of a project to a member by using the 1759GCP Console. Inviting a member will deliver an invitation email that 1760they must accept. An invitation email is not generated if you are 1761granting a role other than owner, or if both the member you are inviting 1762and the project are part of your organization. 1763 1764+ Membership changes that leave the project without any owners that have 1765accepted the Terms of Service (ToS) will be rejected. 1766 1767+ If the project is not part of an organization, there must be at least 1768one owner who has accepted the Terms of Service (ToS) agreement in the 1769policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner 1770from the policy will fail. This restriction also applies to legacy 1771projects that no longer have owners who have accepted the ToS. Edits to 1772IAM policies will be rejected until the lack of a ToS-accepting owner is 1773rectified. 1774 1775+ This method will replace the existing policy, and cannot be used to 1776append additional IAM settings. 1777 1778Note: Removing service accounts from policies or changing their roles 1779can render services completely inoperable. It is important to understand 1780how the service account is being used before removing or updating its 1781roles. 1782 1783Authorization requires the Google IAM permission 1784`resourcemanager.projects.setIamPolicy` on the project 1785 1786Args: 1787 resource: string, REQUIRED: The resource for which the policy is being specified. 1788See the operation documentation for the appropriate value for this field. (required) 1789 body: object, The request body. (required) 1790 The object takes the form of: 1791 1792{ # Request message for `SetIamPolicy` method. 1793 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 1794 # the policy is limited to a few 10s of KB. An empty policy is a 1795 # valid policy but certain Cloud Platform services (such as Projects) 1796 # might reject them. 1797 # specify access control policies for Cloud Platform resources. 1798 # 1799 # 1800 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1801 # `members` to a `role`, where the members can be user accounts, Google groups, 1802 # Google domains, and service accounts. A `role` is a named list of permissions 1803 # defined by IAM. 1804 # 1805 # **JSON Example** 1806 # 1807 # { 1808 # "bindings": [ 1809 # { 1810 # "role": "roles/owner", 1811 # "members": [ 1812 # "user:mike@example.com", 1813 # "group:admins@example.com", 1814 # "domain:google.com", 1815 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1816 # ] 1817 # }, 1818 # { 1819 # "role": "roles/viewer", 1820 # "members": ["user:sean@example.com"] 1821 # } 1822 # ] 1823 # } 1824 # 1825 # **YAML Example** 1826 # 1827 # bindings: 1828 # - members: 1829 # - user:mike@example.com 1830 # - group:admins@example.com 1831 # - domain:google.com 1832 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1833 # role: roles/owner 1834 # - members: 1835 # - user:sean@example.com 1836 # role: roles/viewer 1837 # 1838 # 1839 # For a description of IAM and its features, see the 1840 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1841 "bindings": [ # Associates a list of `members` to a `role`. 1842 # `bindings` with no members will result in an error. 1843 { # Associates `members` with a `role`. 1844 "role": "A String", # Role that is assigned to `members`. 1845 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1846 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1847 # NOTE: An unsatisfied condition will not allow user access via current 1848 # binding. Different bindings, including their conditions, are examined 1849 # independently. 1850 # 1851 # title: "User account presence" 1852 # description: "Determines whether the request has a user account" 1853 # expression: "size(request.user) > 0" 1854 "location": "A String", # An optional string indicating the location of the expression for error 1855 # reporting, e.g. a file name and a position in the file. 1856 "expression": "A String", # Textual representation of an expression in 1857 # Common Expression Language syntax. 1858 # 1859 # The application context of the containing message determines which 1860 # well-known feature set of CEL is supported. 1861 "description": "A String", # An optional description of the expression. This is a longer text which 1862 # describes the expression, e.g. when hovered over it in a UI. 1863 "title": "A String", # An optional title for the expression, i.e. a short string describing 1864 # its purpose. This can be used e.g. in UIs which allow to enter the 1865 # expression. 1866 }, 1867 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1868 # `members` can have the following values: 1869 # 1870 # * `allUsers`: A special identifier that represents anyone who is 1871 # on the internet; with or without a Google account. 1872 # 1873 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1874 # who is authenticated with a Google account or a service account. 1875 # 1876 # * `user:{emailid}`: An email address that represents a specific Google 1877 # account. For example, `alice@gmail.com` . 1878 # 1879 # 1880 # * `serviceAccount:{emailid}`: An email address that represents a service 1881 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1882 # 1883 # * `group:{emailid}`: An email address that represents a Google group. 1884 # For example, `admins@example.com`. 1885 # 1886 # 1887 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1888 # users of that domain. For example, `google.com` or `example.com`. 1889 # 1890 "A String", 1891 ], 1892 }, 1893 ], 1894 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1895 # prevent simultaneous updates of a policy from overwriting each other. 1896 # It is strongly suggested that systems make use of the `etag` in the 1897 # read-modify-write cycle to perform policy updates in order to avoid race 1898 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1899 # systems are expected to put that etag in the request to `setIamPolicy` to 1900 # ensure that their change will be applied to the same version of the policy. 1901 # 1902 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1903 # policy is overwritten blindly. 1904 "version": 42, # Deprecated. 1905 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1906 { # Specifies the audit configuration for a service. 1907 # The configuration determines which permission types are logged, and what 1908 # identities, if any, are exempted from logging. 1909 # An AuditConfig must have one or more AuditLogConfigs. 1910 # 1911 # If there are AuditConfigs for both `allServices` and a specific service, 1912 # the union of the two AuditConfigs is used for that service: the log_types 1913 # specified in each AuditConfig are enabled, and the exempted_members in each 1914 # AuditLogConfig are exempted. 1915 # 1916 # Example Policy with multiple AuditConfigs: 1917 # 1918 # { 1919 # "audit_configs": [ 1920 # { 1921 # "service": "allServices" 1922 # "audit_log_configs": [ 1923 # { 1924 # "log_type": "DATA_READ", 1925 # "exempted_members": [ 1926 # "user:foo@gmail.com" 1927 # ] 1928 # }, 1929 # { 1930 # "log_type": "DATA_WRITE", 1931 # }, 1932 # { 1933 # "log_type": "ADMIN_READ", 1934 # } 1935 # ] 1936 # }, 1937 # { 1938 # "service": "fooservice.googleapis.com" 1939 # "audit_log_configs": [ 1940 # { 1941 # "log_type": "DATA_READ", 1942 # }, 1943 # { 1944 # "log_type": "DATA_WRITE", 1945 # "exempted_members": [ 1946 # "user:bar@gmail.com" 1947 # ] 1948 # } 1949 # ] 1950 # } 1951 # ] 1952 # } 1953 # 1954 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1955 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1956 # bar@gmail.com from DATA_WRITE logging. 1957 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1958 { # Provides the configuration for logging a type of permissions. 1959 # Example: 1960 # 1961 # { 1962 # "audit_log_configs": [ 1963 # { 1964 # "log_type": "DATA_READ", 1965 # "exempted_members": [ 1966 # "user:foo@gmail.com" 1967 # ] 1968 # }, 1969 # { 1970 # "log_type": "DATA_WRITE", 1971 # } 1972 # ] 1973 # } 1974 # 1975 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1976 # foo@gmail.com from DATA_READ logging. 1977 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1978 # permission. 1979 # Follows the same format of Binding.members. 1980 "A String", 1981 ], 1982 "logType": "A String", # The log type that this config enables. 1983 }, 1984 ], 1985 "service": "A String", # Specifies a service that will be enabled for audit logging. 1986 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1987 # `allServices` is a special value that covers all services. 1988 }, 1989 ], 1990 }, 1991 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1992 # the fields in the mask will be modified. If no mask is provided, the 1993 # following default mask is used: 1994 # paths: "bindings, etag" 1995 # This field is only used by Cloud IAM. 1996 } 1997 1998 x__xgafv: string, V1 error format. 1999 Allowed values 2000 1 - v1 error format 2001 2 - v2 error format 2002 2003Returns: 2004 An object of the form: 2005 2006 { # Defines an Identity and Access Management (IAM) policy. It is used to 2007 # specify access control policies for Cloud Platform resources. 2008 # 2009 # 2010 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 2011 # `members` to a `role`, where the members can be user accounts, Google groups, 2012 # Google domains, and service accounts. A `role` is a named list of permissions 2013 # defined by IAM. 2014 # 2015 # **JSON Example** 2016 # 2017 # { 2018 # "bindings": [ 2019 # { 2020 # "role": "roles/owner", 2021 # "members": [ 2022 # "user:mike@example.com", 2023 # "group:admins@example.com", 2024 # "domain:google.com", 2025 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 2026 # ] 2027 # }, 2028 # { 2029 # "role": "roles/viewer", 2030 # "members": ["user:sean@example.com"] 2031 # } 2032 # ] 2033 # } 2034 # 2035 # **YAML Example** 2036 # 2037 # bindings: 2038 # - members: 2039 # - user:mike@example.com 2040 # - group:admins@example.com 2041 # - domain:google.com 2042 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 2043 # role: roles/owner 2044 # - members: 2045 # - user:sean@example.com 2046 # role: roles/viewer 2047 # 2048 # 2049 # For a description of IAM and its features, see the 2050 # [IAM developer's guide](https://cloud.google.com/iam/docs). 2051 "bindings": [ # Associates a list of `members` to a `role`. 2052 # `bindings` with no members will result in an error. 2053 { # Associates `members` with a `role`. 2054 "role": "A String", # Role that is assigned to `members`. 2055 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 2056 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 2057 # NOTE: An unsatisfied condition will not allow user access via current 2058 # binding. Different bindings, including their conditions, are examined 2059 # independently. 2060 # 2061 # title: "User account presence" 2062 # description: "Determines whether the request has a user account" 2063 # expression: "size(request.user) > 0" 2064 "location": "A String", # An optional string indicating the location of the expression for error 2065 # reporting, e.g. a file name and a position in the file. 2066 "expression": "A String", # Textual representation of an expression in 2067 # Common Expression Language syntax. 2068 # 2069 # The application context of the containing message determines which 2070 # well-known feature set of CEL is supported. 2071 "description": "A String", # An optional description of the expression. This is a longer text which 2072 # describes the expression, e.g. when hovered over it in a UI. 2073 "title": "A String", # An optional title for the expression, i.e. a short string describing 2074 # its purpose. This can be used e.g. in UIs which allow to enter the 2075 # expression. 2076 }, 2077 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 2078 # `members` can have the following values: 2079 # 2080 # * `allUsers`: A special identifier that represents anyone who is 2081 # on the internet; with or without a Google account. 2082 # 2083 # * `allAuthenticatedUsers`: A special identifier that represents anyone 2084 # who is authenticated with a Google account or a service account. 2085 # 2086 # * `user:{emailid}`: An email address that represents a specific Google 2087 # account. For example, `alice@gmail.com` . 2088 # 2089 # 2090 # * `serviceAccount:{emailid}`: An email address that represents a service 2091 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 2092 # 2093 # * `group:{emailid}`: An email address that represents a Google group. 2094 # For example, `admins@example.com`. 2095 # 2096 # 2097 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 2098 # users of that domain. For example, `google.com` or `example.com`. 2099 # 2100 "A String", 2101 ], 2102 }, 2103 ], 2104 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 2105 # prevent simultaneous updates of a policy from overwriting each other. 2106 # It is strongly suggested that systems make use of the `etag` in the 2107 # read-modify-write cycle to perform policy updates in order to avoid race 2108 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 2109 # systems are expected to put that etag in the request to `setIamPolicy` to 2110 # ensure that their change will be applied to the same version of the policy. 2111 # 2112 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 2113 # policy is overwritten blindly. 2114 "version": 42, # Deprecated. 2115 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 2116 { # Specifies the audit configuration for a service. 2117 # The configuration determines which permission types are logged, and what 2118 # identities, if any, are exempted from logging. 2119 # An AuditConfig must have one or more AuditLogConfigs. 2120 # 2121 # If there are AuditConfigs for both `allServices` and a specific service, 2122 # the union of the two AuditConfigs is used for that service: the log_types 2123 # specified in each AuditConfig are enabled, and the exempted_members in each 2124 # AuditLogConfig are exempted. 2125 # 2126 # Example Policy with multiple AuditConfigs: 2127 # 2128 # { 2129 # "audit_configs": [ 2130 # { 2131 # "service": "allServices" 2132 # "audit_log_configs": [ 2133 # { 2134 # "log_type": "DATA_READ", 2135 # "exempted_members": [ 2136 # "user:foo@gmail.com" 2137 # ] 2138 # }, 2139 # { 2140 # "log_type": "DATA_WRITE", 2141 # }, 2142 # { 2143 # "log_type": "ADMIN_READ", 2144 # } 2145 # ] 2146 # }, 2147 # { 2148 # "service": "fooservice.googleapis.com" 2149 # "audit_log_configs": [ 2150 # { 2151 # "log_type": "DATA_READ", 2152 # }, 2153 # { 2154 # "log_type": "DATA_WRITE", 2155 # "exempted_members": [ 2156 # "user:bar@gmail.com" 2157 # ] 2158 # } 2159 # ] 2160 # } 2161 # ] 2162 # } 2163 # 2164 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 2165 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 2166 # bar@gmail.com from DATA_WRITE logging. 2167 "auditLogConfigs": [ # The configuration for logging of each type of permission. 2168 { # Provides the configuration for logging a type of permissions. 2169 # Example: 2170 # 2171 # { 2172 # "audit_log_configs": [ 2173 # { 2174 # "log_type": "DATA_READ", 2175 # "exempted_members": [ 2176 # "user:foo@gmail.com" 2177 # ] 2178 # }, 2179 # { 2180 # "log_type": "DATA_WRITE", 2181 # } 2182 # ] 2183 # } 2184 # 2185 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 2186 # foo@gmail.com from DATA_READ logging. 2187 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 2188 # permission. 2189 # Follows the same format of Binding.members. 2190 "A String", 2191 ], 2192 "logType": "A String", # The log type that this config enables. 2193 }, 2194 ], 2195 "service": "A String", # Specifies a service that will be enabled for audit logging. 2196 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 2197 # `allServices` is a special value that covers all services. 2198 }, 2199 ], 2200 }</pre> 2201</div> 2202 2203<div class="method"> 2204 <code class="details" id="setOrgPolicy">setOrgPolicy(resource, body, x__xgafv=None)</code> 2205 <pre>Updates the specified `Policy` on the resource. Creates a new `Policy` for 2206that `Constraint` on the resource if one does not exist. 2207 2208Not supplying an `etag` on the request `Policy` results in an unconditional 2209write of the `Policy`. 2210 2211Args: 2212 resource: string, Resource name of the resource to attach the `Policy`. (required) 2213 body: object, The request body. (required) 2214 The object takes the form of: 2215 2216{ # The request sent to the SetOrgPolicyRequest method. 2217 "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource. 2218 # for configurations of Cloud Platform resources. 2219 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 2220 # server, not specified by the caller, and represents the last time a call to 2221 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 2222 # be ignored. 2223 "version": 42, # Version of the `Policy`. Default version is 0; 2224 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 2225 # `constraints/serviceuser.services`. 2226 # 2227 # Immutable after creation. 2228 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 2229 # `Constraint` type. 2230 # `constraint_default` enforcement behavior of the specific `Constraint` at 2231 # this resource. 2232 # 2233 # Suppose that `constraint_default` is set to `ALLOW` for the 2234 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 2235 # foo.com sets a `Policy` at their Organization resource node that restricts 2236 # the allowed service activations to deny all service activations. They 2237 # could then set a `Policy` with the `policy_type` `restore_default` on 2238 # several experimental projects, restoring the `constraint_default` 2239 # enforcement of the `Constraint` for only those projects, allowing those 2240 # projects to have all services activated. 2241 }, 2242 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 2243 # resource. 2244 # 2245 # `ListPolicy` can define specific values and subtrees of Cloud Resource 2246 # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that 2247 # are allowed or denied by setting the `allowed_values` and `denied_values` 2248 # fields. This is achieved by using the `under:` and optional `is:` prefixes. 2249 # The `under:` prefix is used to denote resource subtree values. 2250 # The `is:` prefix is used to denote specific values, and is required only 2251 # if the value contains a ":". Values prefixed with "is:" are treated the 2252 # same as values with no prefix. 2253 # Ancestry subtrees must be in one of the following formats: 2254 # - “projects/<project-id>”, e.g. “projects/tokyo-rain-123” 2255 # - “folders/<folder-id>”, e.g. “folders/1234” 2256 # - “organizations/<organization-id>”, e.g. “organizations/1234” 2257 # The `supports_under` field of the associated `Constraint` defines whether 2258 # ancestry prefixes can be used. You can set `allowed_values` and 2259 # `denied_values` in the same `Policy` if `all_values` is 2260 # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all 2261 # values. If `all_values` is set to either `ALLOW` or `DENY`, 2262 # `allowed_values` and `denied_values` must be unset. 2263 "allValues": "A String", # The policy all_values state. 2264 "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` 2265 # is set to `ALL_VALUES_UNSPECIFIED`. 2266 "A String", 2267 ], 2268 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 2269 # 2270 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 2271 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 2272 # set to `true`, then the values from the effective `Policy` of the parent 2273 # resource are inherited, meaning the values set in this `Policy` are 2274 # added to the values inherited up the hierarchy. 2275 # 2276 # Setting `Policy` hierarchies that inherit both allowed values and denied 2277 # values isn't recommended in most circumstances to keep the configuration 2278 # simple and understandable. However, it is possible to set a `Policy` with 2279 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 2280 # In this case, the values that are allowed must be in `allowed_values` and 2281 # not present in `denied_values`. 2282 # 2283 # For example, suppose you have a `Constraint` 2284 # `constraints/serviceuser.services`, which has a `constraint_type` of 2285 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 2286 # Suppose that at the Organization level, a `Policy` is applied that 2287 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 2288 # `Policy` is applied to a project below the Organization that has 2289 # `inherit_from_parent` set to `false` and field all_values set to DENY, 2290 # then an attempt to activate any API will be denied. 2291 # 2292 # The following examples demonstrate different possible layerings for 2293 # `projects/bar` parented by `organizations/foo`: 2294 # 2295 # Example 1 (no inherited values): 2296 # `organizations/foo` has a `Policy` with values: 2297 # {allowed_values: “E1” allowed_values:”E2”} 2298 # `projects/bar` has `inherit_from_parent` `false` and values: 2299 # {allowed_values: "E3" allowed_values: "E4"} 2300 # The accepted values at `organizations/foo` are `E1`, `E2`. 2301 # The accepted values at `projects/bar` are `E3`, and `E4`. 2302 # 2303 # Example 2 (inherited values): 2304 # `organizations/foo` has a `Policy` with values: 2305 # {allowed_values: “E1” allowed_values:”E2”} 2306 # `projects/bar` has a `Policy` with values: 2307 # {value: “E3” value: ”E4” inherit_from_parent: true} 2308 # The accepted values at `organizations/foo` are `E1`, `E2`. 2309 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 2310 # 2311 # Example 3 (inheriting both allowed and denied values): 2312 # `organizations/foo` has a `Policy` with values: 2313 # {allowed_values: "E1" allowed_values: "E2"} 2314 # `projects/bar` has a `Policy` with: 2315 # {denied_values: "E1"} 2316 # The accepted values at `organizations/foo` are `E1`, `E2`. 2317 # The value accepted at `projects/bar` is `E2`. 2318 # 2319 # Example 4 (RestoreDefault): 2320 # `organizations/foo` has a `Policy` with values: 2321 # {allowed_values: “E1” allowed_values:”E2”} 2322 # `projects/bar` has a `Policy` with values: 2323 # {RestoreDefault: {}} 2324 # The accepted values at `organizations/foo` are `E1`, `E2`. 2325 # The accepted values at `projects/bar` are either all or none depending on 2326 # the value of `constraint_default` (if `ALLOW`, all; if 2327 # `DENY`, none). 2328 # 2329 # Example 5 (no policy inherits parent policy): 2330 # `organizations/foo` has no `Policy` set. 2331 # `projects/bar` has no `Policy` set. 2332 # The accepted values at both levels are either all or none depending on 2333 # the value of `constraint_default` (if `ALLOW`, all; if 2334 # `DENY`, none). 2335 # 2336 # Example 6 (ListConstraint allowing all): 2337 # `organizations/foo` has a `Policy` with values: 2338 # {allowed_values: “E1” allowed_values: ”E2”} 2339 # `projects/bar` has a `Policy` with: 2340 # {all: ALLOW} 2341 # The accepted values at `organizations/foo` are `E1`, E2`. 2342 # Any value is accepted at `projects/bar`. 2343 # 2344 # Example 7 (ListConstraint allowing none): 2345 # `organizations/foo` has a `Policy` with values: 2346 # {allowed_values: “E1” allowed_values: ”E2”} 2347 # `projects/bar` has a `Policy` with: 2348 # {all: DENY} 2349 # The accepted values at `organizations/foo` are `E1`, E2`. 2350 # No value is accepted at `projects/bar`. 2351 # 2352 # Example 10 (allowed and denied subtrees of Resource Manager hierarchy): 2353 # Given the following resource hierarchy 2354 # O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, 2355 # `organizations/foo` has a `Policy` with values: 2356 # {allowed_values: "under:organizations/O1"} 2357 # `projects/bar` has a `Policy` with: 2358 # {allowed_values: "under:projects/P3"} 2359 # {denied_values: "under:folders/F2"} 2360 # The accepted values at `organizations/foo` are `organizations/O1`, 2361 # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, 2362 # `projects/P3`. 2363 # The accepted values at `projects/bar` are `organizations/O1`, 2364 # `folders/F1`, `projects/P1`. 2365 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 2366 # that matches the value specified in this `Policy`. If `suggested_value` 2367 # is not set, it will inherit the value specified higher in the hierarchy, 2368 # unless `inherit_from_parent` is `false`. 2369 "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` 2370 # is set to `ALL_VALUES_UNSPECIFIED`. 2371 "A String", 2372 ], 2373 }, 2374 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 2375 # resource. 2376 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 2377 # configuration is acceptable. 2378 # 2379 # Suppose you have a `Constraint` 2380 # `constraints/compute.disableSerialPortAccess` with `constraint_default` 2381 # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 2382 # behavior: 2383 # - If the `Policy` at this resource has enforced set to `false`, serial 2384 # port connection attempts will be allowed. 2385 # - If the `Policy` at this resource has enforced set to `true`, serial 2386 # port connection attempts will be refused. 2387 # - If the `Policy` at this resource is `RestoreDefault`, serial port 2388 # connection attempts will be allowed. 2389 # - If no `Policy` is set at this resource or anywhere higher in the 2390 # resource hierarchy, serial port connection attempts will be allowed. 2391 # - If no `Policy` is set at this resource, but one exists higher in the 2392 # resource hierarchy, the behavior is as if the`Policy` were set at 2393 # this resource. 2394 # 2395 # The following examples demonstrate the different possible layerings: 2396 # 2397 # Example 1 (nearest `Constraint` wins): 2398 # `organizations/foo` has a `Policy` with: 2399 # {enforced: false} 2400 # `projects/bar` has no `Policy` set. 2401 # The constraint at `projects/bar` and `organizations/foo` will not be 2402 # enforced. 2403 # 2404 # Example 2 (enforcement gets replaced): 2405 # `organizations/foo` has a `Policy` with: 2406 # {enforced: false} 2407 # `projects/bar` has a `Policy` with: 2408 # {enforced: true} 2409 # The constraint at `organizations/foo` is not enforced. 2410 # The constraint at `projects/bar` is enforced. 2411 # 2412 # Example 3 (RestoreDefault): 2413 # `organizations/foo` has a `Policy` with: 2414 # {enforced: true} 2415 # `projects/bar` has a `Policy` with: 2416 # {RestoreDefault: {}} 2417 # The constraint at `organizations/foo` is enforced. 2418 # The constraint at `projects/bar` is not enforced, because 2419 # `constraint_default` for the `Constraint` is `ALLOW`. 2420 }, 2421 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 2422 # concurrency control. 2423 # 2424 # When the `Policy` is returned from either a `GetPolicy` or a 2425 # `ListOrgPolicy` request, this `etag` indicates the version of the current 2426 # `Policy` to use when executing a read-modify-write loop. 2427 # 2428 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 2429 # `etag` will be unset. 2430 # 2431 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 2432 # that was returned from a `GetOrgPolicy` request as part of a 2433 # read-modify-write loop for concurrency control. Not setting the `etag`in a 2434 # `SetOrgPolicy` request will result in an unconditional write of the 2435 # `Policy`. 2436 }, 2437 } 2438 2439 x__xgafv: string, V1 error format. 2440 Allowed values 2441 1 - v1 error format 2442 2 - v2 error format 2443 2444Returns: 2445 An object of the form: 2446 2447 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 2448 # for configurations of Cloud Platform resources. 2449 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 2450 # server, not specified by the caller, and represents the last time a call to 2451 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 2452 # be ignored. 2453 "version": 42, # Version of the `Policy`. Default version is 0; 2454 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 2455 # `constraints/serviceuser.services`. 2456 # 2457 # Immutable after creation. 2458 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 2459 # `Constraint` type. 2460 # `constraint_default` enforcement behavior of the specific `Constraint` at 2461 # this resource. 2462 # 2463 # Suppose that `constraint_default` is set to `ALLOW` for the 2464 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 2465 # foo.com sets a `Policy` at their Organization resource node that restricts 2466 # the allowed service activations to deny all service activations. They 2467 # could then set a `Policy` with the `policy_type` `restore_default` on 2468 # several experimental projects, restoring the `constraint_default` 2469 # enforcement of the `Constraint` for only those projects, allowing those 2470 # projects to have all services activated. 2471 }, 2472 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 2473 # resource. 2474 # 2475 # `ListPolicy` can define specific values and subtrees of Cloud Resource 2476 # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that 2477 # are allowed or denied by setting the `allowed_values` and `denied_values` 2478 # fields. This is achieved by using the `under:` and optional `is:` prefixes. 2479 # The `under:` prefix is used to denote resource subtree values. 2480 # The `is:` prefix is used to denote specific values, and is required only 2481 # if the value contains a ":". Values prefixed with "is:" are treated the 2482 # same as values with no prefix. 2483 # Ancestry subtrees must be in one of the following formats: 2484 # - “projects/<project-id>”, e.g. “projects/tokyo-rain-123” 2485 # - “folders/<folder-id>”, e.g. “folders/1234” 2486 # - “organizations/<organization-id>”, e.g. “organizations/1234” 2487 # The `supports_under` field of the associated `Constraint` defines whether 2488 # ancestry prefixes can be used. You can set `allowed_values` and 2489 # `denied_values` in the same `Policy` if `all_values` is 2490 # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all 2491 # values. If `all_values` is set to either `ALLOW` or `DENY`, 2492 # `allowed_values` and `denied_values` must be unset. 2493 "allValues": "A String", # The policy all_values state. 2494 "allowedValues": [ # List of values allowed at this resource. Can only be set if `all_values` 2495 # is set to `ALL_VALUES_UNSPECIFIED`. 2496 "A String", 2497 ], 2498 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 2499 # 2500 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 2501 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 2502 # set to `true`, then the values from the effective `Policy` of the parent 2503 # resource are inherited, meaning the values set in this `Policy` are 2504 # added to the values inherited up the hierarchy. 2505 # 2506 # Setting `Policy` hierarchies that inherit both allowed values and denied 2507 # values isn't recommended in most circumstances to keep the configuration 2508 # simple and understandable. However, it is possible to set a `Policy` with 2509 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 2510 # In this case, the values that are allowed must be in `allowed_values` and 2511 # not present in `denied_values`. 2512 # 2513 # For example, suppose you have a `Constraint` 2514 # `constraints/serviceuser.services`, which has a `constraint_type` of 2515 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 2516 # Suppose that at the Organization level, a `Policy` is applied that 2517 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 2518 # `Policy` is applied to a project below the Organization that has 2519 # `inherit_from_parent` set to `false` and field all_values set to DENY, 2520 # then an attempt to activate any API will be denied. 2521 # 2522 # The following examples demonstrate different possible layerings for 2523 # `projects/bar` parented by `organizations/foo`: 2524 # 2525 # Example 1 (no inherited values): 2526 # `organizations/foo` has a `Policy` with values: 2527 # {allowed_values: “E1” allowed_values:”E2”} 2528 # `projects/bar` has `inherit_from_parent` `false` and values: 2529 # {allowed_values: "E3" allowed_values: "E4"} 2530 # The accepted values at `organizations/foo` are `E1`, `E2`. 2531 # The accepted values at `projects/bar` are `E3`, and `E4`. 2532 # 2533 # Example 2 (inherited values): 2534 # `organizations/foo` has a `Policy` with values: 2535 # {allowed_values: “E1” allowed_values:”E2”} 2536 # `projects/bar` has a `Policy` with values: 2537 # {value: “E3” value: ”E4” inherit_from_parent: true} 2538 # The accepted values at `organizations/foo` are `E1`, `E2`. 2539 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 2540 # 2541 # Example 3 (inheriting both allowed and denied values): 2542 # `organizations/foo` has a `Policy` with values: 2543 # {allowed_values: "E1" allowed_values: "E2"} 2544 # `projects/bar` has a `Policy` with: 2545 # {denied_values: "E1"} 2546 # The accepted values at `organizations/foo` are `E1`, `E2`. 2547 # The value accepted at `projects/bar` is `E2`. 2548 # 2549 # Example 4 (RestoreDefault): 2550 # `organizations/foo` has a `Policy` with values: 2551 # {allowed_values: “E1” allowed_values:”E2”} 2552 # `projects/bar` has a `Policy` with values: 2553 # {RestoreDefault: {}} 2554 # The accepted values at `organizations/foo` are `E1`, `E2`. 2555 # The accepted values at `projects/bar` are either all or none depending on 2556 # the value of `constraint_default` (if `ALLOW`, all; if 2557 # `DENY`, none). 2558 # 2559 # Example 5 (no policy inherits parent policy): 2560 # `organizations/foo` has no `Policy` set. 2561 # `projects/bar` has no `Policy` set. 2562 # The accepted values at both levels are either all or none depending on 2563 # the value of `constraint_default` (if `ALLOW`, all; if 2564 # `DENY`, none). 2565 # 2566 # Example 6 (ListConstraint allowing all): 2567 # `organizations/foo` has a `Policy` with values: 2568 # {allowed_values: “E1” allowed_values: ”E2”} 2569 # `projects/bar` has a `Policy` with: 2570 # {all: ALLOW} 2571 # The accepted values at `organizations/foo` are `E1`, E2`. 2572 # Any value is accepted at `projects/bar`. 2573 # 2574 # Example 7 (ListConstraint allowing none): 2575 # `organizations/foo` has a `Policy` with values: 2576 # {allowed_values: “E1” allowed_values: ”E2”} 2577 # `projects/bar` has a `Policy` with: 2578 # {all: DENY} 2579 # The accepted values at `organizations/foo` are `E1`, E2`. 2580 # No value is accepted at `projects/bar`. 2581 # 2582 # Example 10 (allowed and denied subtrees of Resource Manager hierarchy): 2583 # Given the following resource hierarchy 2584 # O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, 2585 # `organizations/foo` has a `Policy` with values: 2586 # {allowed_values: "under:organizations/O1"} 2587 # `projects/bar` has a `Policy` with: 2588 # {allowed_values: "under:projects/P3"} 2589 # {denied_values: "under:folders/F2"} 2590 # The accepted values at `organizations/foo` are `organizations/O1`, 2591 # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, 2592 # `projects/P3`. 2593 # The accepted values at `projects/bar` are `organizations/O1`, 2594 # `folders/F1`, `projects/P1`. 2595 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 2596 # that matches the value specified in this `Policy`. If `suggested_value` 2597 # is not set, it will inherit the value specified higher in the hierarchy, 2598 # unless `inherit_from_parent` is `false`. 2599 "deniedValues": [ # List of values denied at this resource. Can only be set if `all_values` 2600 # is set to `ALL_VALUES_UNSPECIFIED`. 2601 "A String", 2602 ], 2603 }, 2604 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 2605 # resource. 2606 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 2607 # configuration is acceptable. 2608 # 2609 # Suppose you have a `Constraint` 2610 # `constraints/compute.disableSerialPortAccess` with `constraint_default` 2611 # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 2612 # behavior: 2613 # - If the `Policy` at this resource has enforced set to `false`, serial 2614 # port connection attempts will be allowed. 2615 # - If the `Policy` at this resource has enforced set to `true`, serial 2616 # port connection attempts will be refused. 2617 # - If the `Policy` at this resource is `RestoreDefault`, serial port 2618 # connection attempts will be allowed. 2619 # - If no `Policy` is set at this resource or anywhere higher in the 2620 # resource hierarchy, serial port connection attempts will be allowed. 2621 # - If no `Policy` is set at this resource, but one exists higher in the 2622 # resource hierarchy, the behavior is as if the`Policy` were set at 2623 # this resource. 2624 # 2625 # The following examples demonstrate the different possible layerings: 2626 # 2627 # Example 1 (nearest `Constraint` wins): 2628 # `organizations/foo` has a `Policy` with: 2629 # {enforced: false} 2630 # `projects/bar` has no `Policy` set. 2631 # The constraint at `projects/bar` and `organizations/foo` will not be 2632 # enforced. 2633 # 2634 # Example 2 (enforcement gets replaced): 2635 # `organizations/foo` has a `Policy` with: 2636 # {enforced: false} 2637 # `projects/bar` has a `Policy` with: 2638 # {enforced: true} 2639 # The constraint at `organizations/foo` is not enforced. 2640 # The constraint at `projects/bar` is enforced. 2641 # 2642 # Example 3 (RestoreDefault): 2643 # `organizations/foo` has a `Policy` with: 2644 # {enforced: true} 2645 # `projects/bar` has a `Policy` with: 2646 # {RestoreDefault: {}} 2647 # The constraint at `organizations/foo` is enforced. 2648 # The constraint at `projects/bar` is not enforced, because 2649 # `constraint_default` for the `Constraint` is `ALLOW`. 2650 }, 2651 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 2652 # concurrency control. 2653 # 2654 # When the `Policy` is returned from either a `GetPolicy` or a 2655 # `ListOrgPolicy` request, this `etag` indicates the version of the current 2656 # `Policy` to use when executing a read-modify-write loop. 2657 # 2658 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 2659 # `etag` will be unset. 2660 # 2661 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 2662 # that was returned from a `GetOrgPolicy` request as part of a 2663 # read-modify-write loop for concurrency control. Not setting the `etag`in a 2664 # `SetOrgPolicy` request will result in an unconditional write of the 2665 # `Policy`. 2666 }</pre> 2667</div> 2668 2669<div class="method"> 2670 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 2671 <pre>Returns permissions that a caller has on the specified Project. 2672 2673There are no permissions required for making this API call. 2674 2675Args: 2676 resource: string, REQUIRED: The resource for which the policy detail is being requested. 2677See the operation documentation for the appropriate value for this field. (required) 2678 body: object, The request body. (required) 2679 The object takes the form of: 2680 2681{ # Request message for `TestIamPermissions` method. 2682 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 2683 # wildcards (such as '*' or 'storage.*') are not allowed. For more 2684 # information see 2685 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 2686 "A String", 2687 ], 2688 } 2689 2690 x__xgafv: string, V1 error format. 2691 Allowed values 2692 1 - v1 error format 2693 2 - v2 error format 2694 2695Returns: 2696 An object of the form: 2697 2698 { # Response message for `TestIamPermissions` method. 2699 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 2700 # allowed. 2701 "A String", 2702 ], 2703 }</pre> 2704</div> 2705 2706<div class="method"> 2707 <code class="details" id="undelete">undelete(projectId, body=None, x__xgafv=None)</code> 2708 <pre>Restores the Project identified by the specified 2709`project_id` (for example, `my-project-123`). 2710You can only use this method for a Project that has a lifecycle state of 2711DELETE_REQUESTED. 2712After deletion starts, the Project cannot be restored. 2713 2714The caller must have modify permissions for this Project. 2715 2716Args: 2717 projectId: string, The project ID (for example, `foo-bar-123`). 2718 2719Required. (required) 2720 body: object, The request body. 2721 The object takes the form of: 2722 2723{ # The request sent to the UndeleteProject 2724 # method. 2725 } 2726 2727 x__xgafv: string, V1 error format. 2728 Allowed values 2729 1 - v1 error format 2730 2 - v2 error format 2731 2732Returns: 2733 An object of the form: 2734 2735 { # A generic empty message that you can re-use to avoid defining duplicated 2736 # empty messages in your APIs. A typical example is to use it as the request 2737 # or the response type of an API method. For instance: 2738 # 2739 # service Foo { 2740 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 2741 # } 2742 # 2743 # The JSON representation for `Empty` is empty JSON object `{}`. 2744 }</pre> 2745</div> 2746 2747<div class="method"> 2748 <code class="details" id="update">update(projectId, body, x__xgafv=None)</code> 2749 <pre>Updates the attributes of the Project identified by the specified 2750`project_id` (for example, `my-project-123`). 2751 2752The caller must have modify permissions for this Project. 2753 2754Args: 2755 projectId: string, The project ID (for example, `my-project-123`). 2756 2757Required. (required) 2758 body: object, The request body. (required) 2759 The object takes the form of: 2760 2761{ # A Project is a high-level Google Cloud Platform entity. It is a 2762 # container for ACLs, APIs, App Engine Apps, VMs, and other 2763 # Google Cloud Platform resources. 2764 "name": "A String", # The optional user-assigned display name of the Project. 2765 # When present it must be between 4 to 30 characters. 2766 # Allowed characters are: lowercase and uppercase letters, numbers, 2767 # hyphen, single-quote, double-quote, space, and exclamation point. 2768 # 2769 # Example: <code>My Project</code> 2770 # Read-write. 2771 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 2772 # 2773 # Supported parent types include "organization" and "folder". Once set, the 2774 # parent cannot be cleared. The `parent` can be set on creation or using the 2775 # `UpdateProject` method; the end user must have the 2776 # `resourcemanager.projects.create` permission on the parent. 2777 # 2778 # Read-write. 2779 # Cloud Platform is a generic term for something you (a developer) may want to 2780 # interact with through one of our API's. Some examples are an App Engine app, 2781 # a Compute Engine instance, a Cloud SQL database, and so on. 2782 "type": "A String", # Required field representing the resource type this id is for. 2783 # At present, the valid types are: "organization" and "folder". 2784 "id": "A String", # Required field for the type-specific id. This should correspond to the id 2785 # used in the type-specific API's. 2786 }, 2787 "projectId": "A String", # The unique, user-assigned ID of the Project. 2788 # It must be 6 to 30 lowercase letters, digits, or hyphens. 2789 # It must start with a letter. 2790 # Trailing hyphens are prohibited. 2791 # 2792 # Example: <code>tokyo-rain-123</code> 2793 # Read-only after creation. 2794 "labels": { # The labels associated with this Project. 2795 # 2796 # Label keys must be between 1 and 63 characters long and must conform 2797 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 2798 # 2799 # Label values must be between 0 and 63 characters long and must conform 2800 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label 2801 # value can be empty. 2802 # 2803 # No more than 256 labels can be associated with a given resource. 2804 # 2805 # Clients should store labels in a representation such as JSON that does not 2806 # depend on specific characters being disallowed. 2807 # 2808 # Example: <code>"environment" : "dev"</code> 2809 # Read-write. 2810 "a_key": "A String", 2811 }, 2812 "createTime": "A String", # Creation time. 2813 # 2814 # Read-only. 2815 "lifecycleState": "A String", # The Project lifecycle state. 2816 # 2817 # Read-only. 2818 "projectNumber": "A String", # The number uniquely identifying the project. 2819 # 2820 # Example: <code>415104041262</code> 2821 # Read-only. 2822} 2823 2824 x__xgafv: string, V1 error format. 2825 Allowed values 2826 1 - v1 error format 2827 2 - v2 error format 2828 2829Returns: 2830 An object of the form: 2831 2832 { # A Project is a high-level Google Cloud Platform entity. It is a 2833 # container for ACLs, APIs, App Engine Apps, VMs, and other 2834 # Google Cloud Platform resources. 2835 "name": "A String", # The optional user-assigned display name of the Project. 2836 # When present it must be between 4 to 30 characters. 2837 # Allowed characters are: lowercase and uppercase letters, numbers, 2838 # hyphen, single-quote, double-quote, space, and exclamation point. 2839 # 2840 # Example: <code>My Project</code> 2841 # Read-write. 2842 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 2843 # 2844 # Supported parent types include "organization" and "folder". Once set, the 2845 # parent cannot be cleared. The `parent` can be set on creation or using the 2846 # `UpdateProject` method; the end user must have the 2847 # `resourcemanager.projects.create` permission on the parent. 2848 # 2849 # Read-write. 2850 # Cloud Platform is a generic term for something you (a developer) may want to 2851 # interact with through one of our API's. Some examples are an App Engine app, 2852 # a Compute Engine instance, a Cloud SQL database, and so on. 2853 "type": "A String", # Required field representing the resource type this id is for. 2854 # At present, the valid types are: "organization" and "folder". 2855 "id": "A String", # Required field for the type-specific id. This should correspond to the id 2856 # used in the type-specific API's. 2857 }, 2858 "projectId": "A String", # The unique, user-assigned ID of the Project. 2859 # It must be 6 to 30 lowercase letters, digits, or hyphens. 2860 # It must start with a letter. 2861 # Trailing hyphens are prohibited. 2862 # 2863 # Example: <code>tokyo-rain-123</code> 2864 # Read-only after creation. 2865 "labels": { # The labels associated with this Project. 2866 # 2867 # Label keys must be between 1 and 63 characters long and must conform 2868 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 2869 # 2870 # Label values must be between 0 and 63 characters long and must conform 2871 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label 2872 # value can be empty. 2873 # 2874 # No more than 256 labels can be associated with a given resource. 2875 # 2876 # Clients should store labels in a representation such as JSON that does not 2877 # depend on specific characters being disallowed. 2878 # 2879 # Example: <code>"environment" : "dev"</code> 2880 # Read-write. 2881 "a_key": "A String", 2882 }, 2883 "createTime": "A String", # Creation time. 2884 # 2885 # Read-only. 2886 "lifecycleState": "A String", # The Project lifecycle state. 2887 # 2888 # Read-only. 2889 "projectNumber": "A String", # The number uniquely identifying the project. 2890 # 2891 # Example: <code>415104041262</code> 2892 # Read-only. 2893 }</pre> 2894</div> 2895 2896</body></html>